Vulnerabilities > IBM > Infosphere Information Server > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-10 | CVE-2022-35715 | Information Exposure Through an Error Message vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. | 7.5 |
| 2021-11-02 | CVE-2021-29737 | Improper Certificate Validation vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Data Flow Designer Engine (IBM InfoSphere Information Server 11.7 ) component has improper validation of the REST API server certificate. | 7.5 |
| 2021-11-02 | CVE-2021-29875 | Unspecified vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information due to a insecure third party domain access vulnerability. | 7.5 |
| 2021-11-02 | CVE-2021-29888 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2021-07-09 | CVE-2021-29730 | SQL Injection vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. | 8.8 |
| 2021-05-17 | CVE-2021-29747 | Unspecified vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain highly sensitive information due to a vulnerability in the authentication mechanism. | 7.5 |
| 2020-07-09 | CVE-2020-4305 | Deserialization of Untrusted Data vulnerability in IBM products IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. | 8.8 |
| 2020-04-16 | CVE-2020-4347 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Infosphere Information Server 11.3/11.5/11.7 IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could be subject to attacks based on privilege escalation due to inappropriate file permissions for files used by WebSphere Application Server Network Deployment. | 7.3 |
| 2020-02-05 | CVE-2013-0507 | Session Fixation vulnerability in IBM Infosphere Information Server IBM InfoSphere Information Server 8.1, 8.5, 8.7, 9.1 has a Session Fixation Vulnerability | 8.1 |
| 2019-06-17 | CVE-2018-1845 | XXE vulnerability in IBM products IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |