IBM InfoSphere Information Server vulnerabilities

196 known vulnerabilities affecting ibm/infosphere_information_server.

Total CVEs: 196
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 15, HIGH 41, MEDIUM 128, LOW 12

Vulnerabilities

Page 2 of 10
CVE-2025-36034 | MEDIUM | CVSS 5.9 | v11.7 | 2025-06-26
CVE-2025-36034 [MEDIUM] CWE-319: IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques.
Sources: cvelistv5, nvd
CVE-2025-0966 | HIGH | CVSS 7.6 | ≥ 11.7, < 11.7.1 | v11.7 | 2025-06-25
CVE-2025-0966 [HIGH] CWE-89: IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.
Sources: cvelistv5, nvd
CVE-2025-3221 | HIGH | CVSS 7.5 | ≥ 11.7, ≤ 11.7.1.6 | ≥ 11.7.0.0, ≤ 11.7.1.6 | 2025-06-21
CVE-2025-3221 [HIGH] CWE-770: IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a remote attacker to cause a denial of service due to insufficient validation of incoming request resources.
Sources: cvelistv5, nvd
CVE-2025-3629 | MEDIUM | CVSS 4.3 | ≥ 11.7, ≤ 11.7.1.6 | ≥ 11.7.0.0, ≤ 11.7.1.6 | 2025-06-21
CVE-2025-3629 [MEDIUM] CWE-282: IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an authenticated user to delete another user's comments due to improper ownership management.
Sources: cvelistv5, nvd
CVE-2025-1499 | MEDIUM | CVSS 6.5 | v11.7 | 2025-06-01
CVE-2025-1499 [MEDIUM] CWE-312: IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file that could be viewed by an authenticated user.
Sources: cvelistv5, nvd
CVE-2025-1138 | MEDIUM | CVSS 4.3 | v11.7 | 2025-05-15
CVE-2025-1138 [MEDIUM] CWE-548: IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user that could aid in further attacks against the system through a directory listing.
Sources: cvelistv5, nvd
CVE-2024-22351 | MEDIUM | CVSS 6.3 | ≥ 11.7, < 11.7.1 | v11.7 | 2025-04-23
CVE-2024-22351 [MEDIUM] CWE-613: IBM InfoSphere Information Server 11.7 does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system.
Sources: cvelistv5, nvd
CVE-2025-25045 | MEDIUM | CVSS 4.3 | ≥ 11.7, < 11.7.1 | v11.7 | 2025-04-23
CVE-2025-25045 [MEDIUM] CWE-209: IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a request. This information could be used in further attacks against the system.
Sources: cvelistv5, nvd
CVE-2025-25046 | LOW | CVSS 3.7 | v11.7 | 2025-04-23
CVE-2025-25046 [LOW] CWE-319: IBM InfoSphere Information Server 11.7 DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man in the middle techniques.
Sources: cvelistv5, nvd
CVE-2024-7577 | HIGH | CVSS 7.5 | ≥ 11.7, < 11.7.1 | v11.7 | 2025-03-29
CVE-2024-7577 [HIGH] CWE-532: IBM InfoSphere Information Server 11.7 could disclose sensitive user credentials from log files during new installation of the product.
Sources: cvelistv5, nvd
CVE-2024-43186 | MEDIUM | CVSS 6.5 | ≥ 11.7, < 11.7.1 | v11.7 | 2025-03-29
CVE-2024-43186 [MEDIUM] CWE-256: IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that is stored locally under certain conditions.
Sources: cvelistv5, nvd
CVE-2024-51477 | MEDIUM | CVSS 6.5 | ≥ 11.7, < 11.7.1 | v11.7 | 2025-03-29
CVE-2024-51477 [MEDIUM] CWE-203: IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive username information due to an observable response discrepancy.
Sources: cvelistv5, nvd
CVE-2024-55895 | MEDIUM | CVSS 5.3 | ≥ 11.7, < 11.7.1 | v11.7 | 2025-03-29
CVE-2024-55895 [MEDIUM] CWE-209: IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
Sources: cvelistv5, nvd
CVE-2024-51459 | HIGH | CVSS 7.8 | ≥ 11.7, < 11.7.1.136 | v11.7 | 2025-03-19
CVE-2024-51459 [HIGH] CWE-280: IBM InfoSphere Information Server 11.7 could allow a local user to execute privileged commands due to the improper handling of permissions.
Sources: cvelistv5, nvd
CVE-2024-40706 | MEDIUM | CVSS 4.3 | v11.7 | 2025-01-24
CVE-2024-40706 [MEDIUM] CWE-497: IBM InfoSphere Information Server 11.7 could allow a remote user to obtain sensitive version information that could aid in further attacks against the system.
Sources: cvelistv5, nvd
CVE-2024-52363 | HIGH | CVSS 7.5 | v11.7 | 2025-01-17
CVE-2024-52363 [HIGH] CWE-22: IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
Sources: cvelistv5, nvd
CVE-2021-29827 | MEDIUM | CVSS 5.2 | v11.7 | 2024-12-19
CVE-2021-29827 [MEDIUM] CWE-1021: IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
Sources: cvelistv5, nvd
CVE-2024-52901 | MEDIUM | CVSS 6.5 | v11.7 | 2024-12-12
CVE-2024-52901 [MEDIUM] CWE-1284: IBM InfoSphere Information Server 11.7 could allow an authenticated user to cause the GUI to not load or stop working due to improper input validation.
Sources: cvelistv5, nvd
CVE-2024-51460 | MEDIUM | CVSS 4.3 | v11.7 | 2024-12-11
CVE-2024-51460 [MEDIUM] CWE-209: IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system.
Sources: cvelistv5, nvd
CVE-2023-23472 | MEDIUM | CVSS 6.5 | v11.7 | 2024-12-11
CVE-2023-23472 [MEDIUM] CWE-497: IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server 11.7) could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system.
Sources: cvelistv5, nvd