Vulnerabilities > IBM > Infosphere Information Server

DATE CVE VULNERABILITY TITLE RISK
2019-02-15 CVE-2018-1701 Unspecified vulnerability in IBM products
IBM InfoSphere Information Server 11.7 could allow an authenciated user under specialized conditions to inject commands into the installation process that would execute on the WebSphere Application Server.
network
high complexity
ibm
8.5
2018-10-18 CVE-2018-1518 Inadequate Encryption Strength vulnerability in IBM products
IBM InfoSphere Information Server 11.7 is affected by a weak password encryption vulnerability that could allow a local user to obtain highly sensitive information.
local
low complexity
ibm CWE-326
5.5
2018-06-05 CVE-2018-1454 Cleartext Transmission of Sensitive Information vulnerability in IBM Infosphere Information Server 11.3/11.5/11.7
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
ibm CWE-319
5.9
2018-06-05 CVE-2018-1432 Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Infosphere Information Server
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML iframe tag on a malicious page.
network
low complexity
ibm CWE-1021
6.1
2018-06-05 CVE-2017-1350 Unspecified vulnerability in IBM Infosphere Information Server
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 could allow a user to escalate their privileges to administrator due to improper access controls.
local
low complexity
ibm
7.8
2018-03-12 CVE-2016-0250 XXE vulnerability in IBM Infosphere Information Server
XML external entity (XXE) vulnerability in IBM InfoSphere Information Governance Catalog 11.3 before 11.3.1.2 and 11.5 before 11.5.0.1 allows remote authenticated users to read arbitrary files or cause a denial of service via crafted XML data.
network
low complexity
ibm CWE-611
5.4
2017-08-14 CVE-2017-1469 Code Injection vulnerability in IBM Infosphere Information Server 11.3/11.5/9.1
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories.
local
low complexity
ibm CWE-94
7.8
2017-08-02 CVE-2017-1495 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Infosphere Information Server 11.3/11.5/9.1
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a privileged user to cause a memory dump that could contain highly sensitive information including access credentials.
network
low complexity
ibm CWE-119
4.9
2017-08-02 CVE-2017-1468 Unspecified vulnerability in IBM Infosphere Information Server 11.3/11.5/9.1
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories.
local
low complexity
ibm
7.8
2017-08-02 CVE-2017-1467 Unspecified vulnerability in IBM Infosphere Information Server 11.3/11.5/9.1
A network layer security vulnerability in InfoSphere Information Server 9.1, 11.3, and 11.5 can lead to privilege escalation or unauthorized access.
network
high complexity
ibm
8.1