Vulnerabilities > IBM > Infosphere Information Server

DATE CVE VULNERABILITY TITLE RISK
2020-04-16 CVE-2020-4347 Incorrect Permission Assignment for Critical Resource vulnerability in IBM Infosphere Information Server 11.3/11.5/11.7
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could be subject to attacks based on privilege escalation due to inappropriate file permissions for files used by WebSphere Application Server Network Deployment.
network
low complexity
ibm CWE-732
7.3
2020-03-10 CVE-2020-4162 Cross-site Scripting vulnerability in IBM Infosphere Information Server 11.5/11.7
IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2020-02-05 CVE-2013-0507 Session Fixation vulnerability in IBM Infosphere Information Server
IBM InfoSphere Information Server 8.1, 8.5, 8.7, 9.1 has a Session Fixation Vulnerability
network
low complexity
ibm CWE-384
8.1
2019-07-01 CVE-2019-4237 Cross-site Scripting vulnerability in IBM products
A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page.
network
low complexity
ibm CWE-79
5.4
2019-06-17 CVE-2018-1845 XXE vulnerability in IBM products
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
2019-06-06 CVE-2019-4185 Unspecified vulnerability in IBM products
IBM InfoSphere Information Server 11.7.1 containers are vulnerable to privilege escalation due to an insecurely configured component.
high complexity
ibm
8.3
2019-04-25 CVE-2019-4238 Cross-site Scripting vulnerability in IBM products
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2019-04-02 CVE-2018-1917 Information Exposure vulnerability in IBM products
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an authenticated user to access JSP files and disclose sensitive information.
network
low complexity
ibm CWE-200
6.5
2019-04-02 CVE-2018-1906 Unspecified vulnerability in IBM products
IBM InfoSphere Information Server 11.3, 11.5, and 11.7could allow an authenticated user to download code using a specially crafted HTTP request.
network
low complexity
ibm
6.5
2019-02-15 CVE-2018-1727 XXE vulnerability in IBM Infosphere Information Server
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
critical
9.1