Ibm Infosphere Information Server vulnerabilities

196 known vulnerabilities affecting ibm/infosphere_information_server.

Total CVEs

196

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL15HIGH41MEDIUM128LOW12

Vulnerabilities

Page 10 of 10

CVE-2013-0502MEDIUMCVSS 4.3v8.1v8.5+7 more2013-04-01

CVE-2013-0502 [MEDIUM] CWE-79 CVE-2013-0502: Cross-site scripting (XSS) vulnerability in IBM InfoSphere Information Server 8.1, 8.5 through FP3, Cross-site scripting (XSS) vulnerability in IBM InfoSphere Information Server 8.1, 8.5 through FP3, 8.7 through FP2, and 9.1 allows remote attackers to inject arbitrary web script or HTML via a malformed URL.

nvd

CVE-2012-5938HIGHCVSS 7.2v8.1v8.5+2 more2013-03-20

CVE-2012-5938 [HIGH] CWE-264 CVE-2012-5938: The installation process in IBM InfoSphere Information Server 8.1, 8.5, 8.7, and 9.1 on UNIX and Lin The installation process in IBM InfoSphere Information Server 8.1, 8.5, 8.7, and 9.1 on UNIX and Linux sets incorrect permissions and ownerships for unspecified files, which allows local users to bypass intended access restrictions via standard filesystem operations.

nvd

CVE-2012-0204CRITICALCVSS 9.3v8.1v8.5+4 more2013-01-31

CVE-2012-0204 [CRITICAL] CVE-2012-0204: Untrusted search path vulnerability in InfoSphere Import Export Manager 8.1 through 9.1 in InfoSpher Untrusted search path vulnerability in InfoSphere Import Export Manager 8.1 through 9.1 in InfoSphere Information Server MetaBrokers & Bridges (MBB) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, 8.7, and 9.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.

nvd

CVE-2012-0705HIGHCVSS 7.1v8.1v8.5+4 more2013-01-31

CVE-2012-0705 [HIGH] CWE-20 CVE-2012-0705: InfoSphere Import Export Manager in InfoSphere Information Server MetaBrokers & Bridges (MBB) in IBM InfoSphere Import Export Manager in InfoSphere Information Server MetaBrokers & Bridges (MBB) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, 8.7, and 9.1 does not validate unspecified input data, which allows remote authenticated users to execute arbitrary commands via unknown vectors.

nvd

CVE-2012-0701MEDIUMCVSS 6.5v8.1v8.5+3 more2013-01-31

CVE-2012-0701 [MEDIUM] CWE-264 CVE-2012-0701: The client applications in the DataStage Administrator client in InfoSphere DataStage in IBM InfoSph The client applications in the DataStage Administrator client in InfoSphere DataStage in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 rely on client-side access control, which allows remote authenticated users to gain privileges via unspecified vectors.

nvd

CVE-2012-0702MEDIUMCVSS 4.0v8.1v8.5+3 more2013-01-31

CVE-2012-0702 [MEDIUM] CWE-287 CVE-2012-0702: Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8 Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly determine authorization, which allows remote authenticated users to gain privileges via unspecified vectors.

nvd

CVE-2012-0203MEDIUMCVSS 4.3v8.1v8.5+2 more2013-01-31

CVE-2012-0203 [MEDIUM] CWE-79 CVE-2012-0203: Cross-site scripting (XSS) vulnerability in InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in I Cross-site scripting (XSS) vulnerability in InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

nvd

CVE-2012-0703MEDIUMCVSS 5.8v8.1v8.5+3 more2013-01-31

CVE-2012-0703 [MEDIUM] CWE-20 CVE-2012-0703: Open redirect vulnerability in Information Services Framework (ISF) in IBM InfoSphere Information Se Open redirect vulnerability in Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

nvd

CVE-2012-4819MEDIUMCVSS 4.3v8.1v8.5+3 more2013-01-31

CVE-2012-4819 [MEDIUM] CWE-79 CVE-2012-4819: Cross-site scripting (XSS) vulnerability in InfoSphere Business Glossary 8.1.1 and 8.1.2, InfoSphere Cross-site scripting (XSS) vulnerability in InfoSphere Business Glossary 8.1.1 and 8.1.2, InfoSphere DataStage Operation Console, InfoSphere Administration, and Reporting and Repository Management Web Console in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to inject arbitrary web script or HTML via unspecified

nvd

CVE-2012-0205MEDIUMCVSS 6.5v8.1v8.5+3 more2013-01-31

CVE-2012-0205 [MEDIUM] CWE-264 CVE-2012-0205: InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 be InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly restrict use of the troubleshooting feature, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (workbench outage) via unspecified vectors.

nvd

CVE-2012-0700LOWCVSS 1.9v8.1v8.5+3 more2013-01-31

CVE-2012-0700 [LOW] CWE-255 CVE-2012-0700: The client in InfoSphere FastTrack 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 bef The client in InfoSphere FastTrack 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly store credentials, which allows local users to bypass intended access restrictions via unspecified vectors.

nvd

CVE-2012-4832LOWCVSS 1.9v8.1v8.5+3 more2013-01-31

CVE-2012-4832 [LOW] CWE-200 CVE-2012-4832: Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8 Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 and InfoSphere Business Glossary 8.1.1 and 8.1.2 does not have an off autocomplete attribute for the password field on the login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

nvd

CVE-2011-3123HIGHCVSS 7.2v8.5v8.5.0.12011-08-10

CVE-2011-3123 [HIGH] CWE-264 CVE-2011-3123: IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, as used in IBM InfoSphere DataS IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, as used in IBM InfoSphere DataStage 8.5 and 8.5.0.1 and other products, uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors.

nvd

CVE-2011-3124HIGHCVSS 7.2v8.5v8.5.0.12011-08-10

CVE-2011-3124 [HIGH] CWE-264 CVE-2011-3124: IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, as used in IBM InfoSphere DataS IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, as used in IBM InfoSphere DataStage 8.5 and 8.5.0.1 and other products, assigns incorrect ownership to unspecified files, which allows local users to gain privileges via unknown vectors.

nvd

CVE-2009-4240CRITICALCVSS 10.0v8.12009-12-09

CVE-2009-4240 [CRITICAL] CWE-119 CVE-2009-4240: Multiple buffer overflows in unspecified setuid executables in the DataStage subsystem in IBM InfoSp Multiple buffer overflows in unspecified setuid executables in the DataStage subsystem in IBM InfoSphere Information Server 8.1 before FP1 have unknown impact and attack vectors.

nvd

CVE-2009-4239MEDIUMCVSS 4.3v8.12009-12-09

CVE-2009-4239 [MEDIUM] CWE-79 CVE-2009-4239: Cross-site scripting (XSS) vulnerability in the Web console in IBM InfoSphere Information Server 8.1 Cross-site scripting (XSS) vulnerability in the Web console in IBM InfoSphere Information Server 8.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

nvd

← Previous10 / 10