Vulnerabilities > IBM > Infosphere Information Server
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-06-05 | CVE-2018-1432 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Infosphere Information Server IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML iframe tag on a malicious page. | 4.3 |
2018-06-05 | CVE-2017-1350 | Unspecified vulnerability in IBM Infosphere Information Server IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 could allow a user to escalate their privileges to administrator due to improper access controls. | 7.2 |
2018-03-12 | CVE-2016-0250 | XXE vulnerability in IBM Infosphere Information Server 11.3/11.3.1/11.5 XML external entity (XXE) vulnerability in IBM InfoSphere Information Governance Catalog 11.3 before 11.3.1.2 and 11.5 before 11.5.0.1 allows remote authenticated users to read arbitrary files or cause a denial of service via crafted XML data. | 5.5 |
2017-08-14 | CVE-2017-1469 | Code Injection vulnerability in IBM Infosphere Information Server 11.3/11.5/9.1 IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. | 4.6 |
2017-08-02 | CVE-2017-1495 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Infosphere Information Server 11.3/11.5/9.1 IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a privileged user to cause a memory dump that could contain highly sensitive information including access credentials. | 4.0 |
2017-08-02 | CVE-2017-1468 | Unspecified vulnerability in IBM Infosphere Information Server 11.3/11.5/9.1 IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. | 4.6 |
2017-08-02 | CVE-2017-1467 | Unspecified vulnerability in IBM Infosphere Information Server 11.3/11.5/9.1 A network layer security vulnerability in InfoSphere Information Server 9.1, 11.3, and 11.5 can lead to privilege escalation or unauthorized access. network ibm | 6.8 |
2017-08-02 | CVE-2017-1383 | XXE vulnerability in IBM Infosphere Information Server 11.3/11.5/9.1 IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 6.4 |
2017-07-12 | CVE-2017-1321 | Cross-site Scripting vulnerability in IBM products IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. | 4.3 |
2017-02-08 | CVE-2015-7493 | Information Exposure vulnerability in IBM Infosphere Information Server IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation processes that could expose sensitive information. | 1.9 |