Vulnerabilities > IBM > Infosphere Information Server
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-19 | CVE-2020-4298 | Cross-site Scripting vulnerability in IBM products IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. | 5.4 |
| 2020-05-19 | CVE-2020-4286 | Cross-Site Request Forgery (CSRF) vulnerability in IBM products IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |
| 2020-04-16 | CVE-2020-4347 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Infosphere Information Server 11.3/11.5/11.7 IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could be subject to attacks based on privilege escalation due to inappropriate file permissions for files used by WebSphere Application Server Network Deployment. | 7.3 |
| 2020-03-10 | CVE-2020-4162 | Cross-site Scripting vulnerability in IBM Infosphere Information Server 11.5/11.7 IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to cross-site scripting. | 5.4 |
| 2020-02-05 | CVE-2013-0507 | Session Fixation vulnerability in IBM Infosphere Information Server IBM InfoSphere Information Server 8.1, 8.5, 8.7, 9.1 has a Session Fixation Vulnerability | 8.1 |
| 2019-07-01 | CVE-2019-4237 | Cross-site Scripting vulnerability in IBM products A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. | 5.4 |
| 2019-06-17 | CVE-2018-1845 | XXE vulnerability in IBM products IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
| 2019-06-06 | CVE-2019-4185 | Unspecified vulnerability in IBM products IBM InfoSphere Information Server 11.7.1 containers are vulnerable to privilege escalation due to an insecurely configured component. high complexity ibm | 8.3 |
| 2019-04-25 | CVE-2019-4238 | Cross-site Scripting vulnerability in IBM products IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. | 5.4 |
| 2019-04-02 | CVE-2018-1917 | Information Exposure vulnerability in IBM products IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an authenticated user to access JSP files and disclose sensitive information. | 6.5 |