Vulnerabilities > IBM > Infosphere Information Server

DATE CVE VULNERABILITY TITLE RISK
2017-08-02 CVE-2017-1383 XXE vulnerability in IBM Infosphere Information Server 11.3/11.5/9.1
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
critical
9.1
2017-07-12 CVE-2017-1321 Cross-site Scripting vulnerability in IBM products
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2017-02-08 CVE-2015-7493 Information Exposure vulnerability in IBM Infosphere Information Server
IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation processes that could expose sensitive information.
local
high complexity
ibm CWE-200
4.7
2017-02-01 CVE-2016-8999 Cross-site Scripting vulnerability in IBM products
IBM InfoSphere Information Server contains a Path-relative stylesheet import vulnerability that allows attackers to render a page in quirks mode thereby facilitating an attacker to inject malicious CSS.
network
low complexity
ibm CWE-79
5.4
2017-02-01 CVE-2016-6059 XXE vulnerability in IBM products
IBM InfoSphere Information Server is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data.
network
low complexity
ibm CWE-611
8.1
2017-02-01 CVE-2016-5994 Information Exposure vulnerability in IBM Infosphere Information Server 11.5
IBM InfoSphere Information Server contains a vulnerability that would allow an authenticated user to browse any file on the engine tier, and examine its contents.
network
low complexity
ibm CWE-200
6.5
2017-02-01 CVE-2016-5984 Cross-site Scripting vulnerability in IBM products
IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection.
network
low complexity
ibm CWE-79
6.1
2016-03-03 CVE-2015-7490 Improper Access Control vulnerability in IBM Infosphere Information Server
IBM InfoSphere Information Server 8.5 through FP3, 8.7 through FP2, 9.1 through 9.1.2.0, 11.3 through 11.3.1.2, and 11.5 allows remote authenticated users to bypass intended access restrictions via a modified cookie.
network
high complexity
ibm CWE-284
3.1