Vulnerabilities > IBM > Infosphere Information Server > 11.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-04 | CVE-2020-4702 | Cross-site Scripting vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. | 3.5 |
| 2020-04-16 | CVE-2020-4347 | Improper Privilege Management vulnerability in IBM Infosphere Information Server 11.3/11.5/11.7 IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could be subject to attacks based on privilege escalation due to inappropriate file permissions for files used by WebSphere Application Server Network Deployment. | 7.5 |
| 2020-03-10 | CVE-2020-4162 | Cross-site Scripting vulnerability in IBM Infosphere Information Server 11.5/11.7 IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to cross-site scripting. | 3.5 |
| 2019-07-01 | CVE-2019-4237 | Cross-site Scripting vulnerability in IBM products A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. | 5.4 |
| 2019-06-17 | CVE-2018-1845 | XXE vulnerability in IBM products IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
| 2019-04-25 | CVE-2019-4238 | Cross-site Scripting vulnerability in IBM products IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. | 5.4 |
| 2019-04-02 | CVE-2018-1917 | Information Exposure vulnerability in IBM products IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an authenticated user to access JSP files and disclose sensitive information. | 4.0 |
| 2019-04-02 | CVE-2018-1906 | Unspecified vulnerability in IBM products IBM InfoSphere Information Server 11.3, 11.5, and 11.7could allow an authenticated user to download code using a specially crafted HTTP request. | 4.0 |
| 2019-02-15 | CVE-2018-1727 | XXE vulnerability in IBM Infosphere Information Server IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 6.4 |
| 2019-02-15 | CVE-2018-1701 | Unspecified vulnerability in IBM products IBM InfoSphere Information Server 11.7 could allow an authenciated user under specialized conditions to inject commands into the installation process that would execute on the WebSphere Application Server. network ibm | 6.0 |