Vulnerabilities > IBM > Infosphere Information Server ON Cloud
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-06 | CVE-2019-4220 | Use of Hard-coded Credentials vulnerability in IBM products IBM InfoSphere Information Server 11.7.1.0 stores a common hard coded encryption key that could be used to decrypt sensitive information. | 5.5 |
| 2019-06-06 | CVE-2019-4185 | Unspecified vulnerability in IBM products IBM InfoSphere Information Server 11.7.1 containers are vulnerable to privilege escalation due to an insecurely configured component. high complexity ibm | 8.3 |
| 2019-04-25 | CVE-2019-4238 | Cross-site Scripting vulnerability in IBM products IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. | 5.4 |
| 2019-04-10 | CVE-2018-1994 | SQL Injection vulnerability in IBM products IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to SQL injection. | 7.5 |
| 2019-04-02 | CVE-2018-1917 | Information Exposure vulnerability in IBM products IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an authenticated user to access JSP files and disclose sensitive information. | 4.0 |
| 2019-04-02 | CVE-2018-1906 | Unspecified vulnerability in IBM products IBM InfoSphere Information Server 11.3, 11.5, and 11.7could allow an authenticated user to download code using a specially crafted HTTP request. | 4.0 |
| 2019-03-05 | CVE-2018-1899 | Unspecified vulnerability in IBM products IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an attacker to change one of the settings related to InfoSphere Business Glossary Anywhere due to improper access control. low complexity ibm | 3.3 |
| 2019-03-05 | CVE-2018-1875 | Open Redirect vulnerability in IBM products IBM InfoSphere Information Governance Catalog 11.3, 11.5, and 11.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 5.8 |
| 2019-02-15 | CVE-2018-1895 | Cross-site Scripting vulnerability in IBM products IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. | 3.5 |
| 2019-02-15 | CVE-2018-1701 | Unspecified vulnerability in IBM products IBM InfoSphere Information Server 11.7 could allow an authenciated user under specialized conditions to inject commands into the installation process that would execute on the WebSphere Application Server. network ibm | 6.0 |