Vulnerabilities > IBM > Infosphere Information Server > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-07-26 CVE-2024-40689 Unspecified vulnerability in IBM products
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection.
network
low complexity
ibm
critical
9.8
2023-05-22 CVE-2023-32336 Unspecified vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due to insecure deserialization in an RMI service.
network
low complexity
ibm
critical
9.8
2023-05-19 CVE-2022-47984 Unspecified vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection.
network
low complexity
ibm
critical
9.8
2022-11-16 CVE-2022-40752 Command Injection vulnerability in IBM products
IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements.
network
low complexity
ibm CWE-77
critical
9.8
2022-11-03 CVE-2022-40747 XXE vulnerability in IBM Infosphere Information Server 11.7
"IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
critical
9.1
2022-11-03 CVE-2022-22425 Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Infosphere Information Server 11.7
"IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection.
network
low complexity
ibm CWE-1236
critical
9.8
2022-06-06 CVE-2022-31768 SQL Injection vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
critical
9.8
2021-11-02 CVE-2021-38948 XML Injection (aka Blind XPath Injection) vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-91
critical
9.1
2021-01-26 CVE-2020-27583 Deserialization of Untrusted Data vulnerability in IBM Infosphere Information Server 8.5
IBM InfoSphere Information Server 8.5.0.0 is affected by deserialization of untrusted data which could allow remote unauthenticated attackers to execute arbitrary code.
network
low complexity
ibm CWE-502
critical
9.8
2019-02-15 CVE-2018-1727 XXE vulnerability in IBM Infosphere Information Server
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
critical
9.1