Vulnerabilities > IBM > Infosphere Information Server > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-01 | CVE-2019-4237 | Cross-site Scripting vulnerability in IBM products A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. | 5.4 |
| 2019-04-25 | CVE-2019-4238 | Cross-site Scripting vulnerability in IBM products IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. | 5.4 |
| 2019-04-02 | CVE-2018-1917 | Information Exposure vulnerability in IBM products IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an authenticated user to access JSP files and disclose sensitive information. | 6.5 |
| 2019-04-02 | CVE-2018-1906 | Unspecified vulnerability in IBM products IBM InfoSphere Information Server 11.3, 11.5, and 11.7could allow an authenticated user to download code using a specially crafted HTTP request. | 6.5 |
| 2018-10-18 | CVE-2018-1518 | Inadequate Encryption Strength vulnerability in IBM products IBM InfoSphere Information Server 11.7 is affected by a weak password encryption vulnerability that could allow a local user to obtain highly sensitive information. | 5.5 |
| 2018-06-05 | CVE-2018-1454 | Cleartext Transmission of Sensitive Information vulnerability in IBM Infosphere Information Server 11.3/11.5/11.7 IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2018-06-05 | CVE-2018-1432 | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Infosphere Information Server IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML iframe tag on a malicious page. | 6.1 |
| 2018-03-12 | CVE-2016-0250 | XXE vulnerability in IBM Infosphere Information Server XML external entity (XXE) vulnerability in IBM InfoSphere Information Governance Catalog 11.3 before 11.3.1.2 and 11.5 before 11.5.0.1 allows remote authenticated users to read arbitrary files or cause a denial of service via crafted XML data. | 5.4 |
| 2017-08-02 | CVE-2017-1495 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Infosphere Information Server 11.3/11.5/9.1 IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a privileged user to cause a memory dump that could contain highly sensitive information including access credentials. | 4.9 |
| 2017-07-12 | CVE-2017-1321 | Cross-site Scripting vulnerability in IBM products IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. | 6.1 |