Summary
| Detail | |||
|---|---|---|---|
| Vendor | Ibm | First view | 2009-12-09 |
| Product | Infosphere Information Server | Last view | 2024-03-21 |
| Version | Type | Application | |
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5.5 | 2024-03-21 | CVE-2024-22352 | IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 280361. |
| 5.4 | 2023-12-01 | CVE-2023-46174 | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 269506. |
| 5.3 | 2023-12-01 | CVE-2023-43021 | IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 266167. |
| 5.4 | 2023-12-01 | CVE-2023-43015 | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266064. |
| 5.4 | 2023-12-01 | CVE-2023-42022 | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265938. |
| 5.9 | 2023-12-01 | CVE-2023-42019 | IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. IBM X-Force ID: 265161. |
| 5.4 | 2023-12-01 | CVE-2023-42009 | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265504. |
| 7.5 | 2023-12-01 | CVE-2023-40699 | IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. IBM X-Force ID: 265161. |
| 8.8 | 2023-12-01 | CVE-2023-38268 | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 260585. |
| 6.5 | 2023-11-18 | CVE-2023-40363 | IBM InfoSphere Information Server 11.7 could allow an authenticated user to change installation files due to incorrect file permission settings. IBM X-Force ID: 263332. |
| 7.5 | 2023-08-28 | CVE-2023-24959 | IBM InfoSphere Information Systems 11.7 could expose information about the host system and environment configuration. IBM X-Force ID: 246332. |
| 8.8 | 2023-08-28 | CVE-2023-23473 | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 245400. |
| 8.8 | 2023-08-28 | CVE-2023-22877 | IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 244368. |
| 6.5 | 2023-07-19 | CVE-2023-35898 | IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information due to an insecure security configuration in InfoSphere Data Flow Designer. IBM X-Force ID: 259352. |
| 5.3 | 2023-07-17 | CVE-2023-33857 | IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain system information using a specially crafted query that could aid in further attacks against the system. IBM X-Force ID: 257695. |
| 9.8 | 2023-05-22 | CVE-2023-32336 | IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due to insecure deserialization in an RMI service. IBM X-Force ID: 255285. |
| 5.4 | 2023-05-19 | CVE-2023-28529 | IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 251213. |
| 5.5 | 2023-05-19 | CVE-2023-22878 | IBM InfoSphere Information Server 11.7 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 244373. |
| 9.8 | 2023-05-19 | CVE-2022-47984 | IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 243163. |
| 7.5 | 2023-04-29 | CVE-2023-30441 | IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188. |
| 5.4 | 2023-02-21 | CVE-2023-25928 | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 247646. |
| 5.5 | 2023-02-17 | CVE-2023-24964 | IBM InfoSphere Information Server 11.7 could allow a local user to obtain sensitive information from a log files. IBM X-Force ID: 246463. |
| 7.5 | 2023-02-17 | CVE-2023-24960 | IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 246333 |
| 4.6 | 2023-02-08 | CVE-2023-23475 | IBM Infosphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245423. |
| 5.4 | 2023-02-01 | CVE-2022-47983 | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 243161. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 36% (37) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 7% (8) | CWE-352 | Cross-Site Request Forgery (CSRF) |
| 6% (7) | CWE-264 | Permissions, Privileges, and Access Controls |
| 6% (7) | CWE-200 | Information Exposure |
| 5% (6) | CWE-611 | Information Leak Through XML External Entity File Disclosure |
| 4% (5) | CWE-20 | Improper Input Validation |
| 3% (4) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
| 2% (3) | CWE-502 | Deserialization of Untrusted Data |
| 1% (2) | CWE-312 | Cleartext Storage of Sensitive Information |
| 1% (2) | CWE-284 | Access Control (Authorization) Issues |
| 1% (2) | CWE-209 | Information Exposure Through an Error Message |
| 1% (2) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 0% (1) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| 0% (1) | CWE-613 | Insufficient Session Expiration |
| 0% (1) | CWE-532 | Information Leak Through Log Files |
| 0% (1) | CWE-384 | Session Fixation |
| 0% (1) | CWE-326 | Inadequate Encryption Strength |
| 0% (1) | CWE-319 | Cleartext Transmission of Sensitive Information |
| 0% (1) | CWE-311 | Missing Encryption of Sensitive Data |
| 0% (1) | CWE-295 | Certificate Issues |
| 0% (1) | CWE-287 | Improper Authentication |
| 0% (1) | CWE-276 | Incorrect Default Permissions |
| 0% (1) | CWE-255 | Credentials Management |
| 0% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 0% (1) | CWE-91 | XML Injection (aka Blind XPath Injection) |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 74492 | IBM InfoSphere Information Server Incorrect File Ownership Local Privilege Es... |
| 73551 | IBM InfoSphere Information Server DSEngine File Permissions Local Privilege E... |
| 60807 | IBM InfoSphere Information Server DataStage SUID Binaries Unspecified Overflows |
| 60806 | IBM InfoSphere Information Server Web Console Unspecified XSS |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2018-06-08 | Name: IBM InfoSphere IGC requires a security update File: ibm_igc_jun_2018.nasl - Type: ACT_GATHER_INFO |
| 2018-01-15 | Name: The remote Fedora host is missing a security update. File: fedora_2017-79b7fd1b4d.nasl - Type: ACT_GATHER_INFO |
| 2017-10-24 | Name: The remote Fedora host is missing a security update. File: fedora_2017-6bbb922009.nasl - Type: ACT_GATHER_INFO |
| 2017-10-24 | Name: The remote Fedora host is missing a security update. File: fedora_2017-9f36da1aac.nasl - Type: ACT_GATHER_INFO |
