Ibm Infosphere Information Server vulnerabilities

CVE-2024-40704 [MEDIUM] CWE-522 CVE-2024-40704: IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive information IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive information from authentication request headers. IBM X-Force ID: 298277.

CVE-2024-40705 [MEDIUM] CWE-405 CVE-2024-40705: IBM InfoSphere Information Server could allow an authenticated user to consume file space resources IBM InfoSphere Information Server could allow an authenticated user to consume file space resources due to unrestricted file uploads. IBM X-Force ID: 298279.

CVE-2024-39751 [MEDIUM] CWE-209 CVE-2024-39751: IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 297429

CVE-2024-40689 [CRITICAL] CWE-89 CVE-2024-40689: IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. IBM X-Force ID: 297719.

CVE-2024-37533 [MEDIUM] CWE-359 CVE-2024-37533: IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user wit IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine. IBM X-Force ID: 294727.

CVE-2024-40690 [MEDIUM] CWE-79 CVE-2024-40690: IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows an authe IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 297720.

CVE-2024-31902 [HIGH] CWE-352 CVE-2024-31902: IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 289234.

CVE-2023-50953 [MEDIUM] CWE-209 CVE-2023-50953: IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. IBM X-Force ID: 275775.

CVE-2024-28797 [MEDIUM] CWE-79 CVE-2024-28797: IBM InfoSphere Information Server 11.7 is vulnerable stored to cross-site scripting. This vulnerabil IBM InfoSphere Information Server 11.7 is vulnerable stored to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 287136.

CVE-2024-28798 [MEDIUM] CWE-79 CVE-2024-28798: IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerabil IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 287172.

CVE-2024-35119 [MEDIUM] CWE-209 CVE-2024-35119: IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: 290342.

CVE-2024-28794 [MEDIUM] CWE-79 CVE-2024-28794: IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability all IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286831.

CVE-2023-50964 [MEDIUM] CWE-79 CVE-2023-50964: IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability all IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 276102.

CVE-2024-31898 [MEDIUM] CWE-639 CVE-2024-31898: IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify sensitive IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. IBM X-Force ID: 288182.

CVE-2023-50952 [MEDIUM] CWE-918 CVE-2023-50952: IBM InfoSphere Information Server 11.7 is vulnerable to server-side request forgery (SSRF). This may IBM InfoSphere Information Server 11.7 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 275774.

CVE-2023-50954 [MEDIUM] CWE-598 CVE-2023-50954: IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could b IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks against the system. IBM X-Force ID: 275776.

CVE-2024-28795 [MEDIUM] CWE-79 CVE-2024-28795: IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability all IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286832.

CVE-2023-35022 [LOW] CWE-285 CVE-2023-35022: IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access. IBM X-Force ID: 258254.

CVE-2024-22352 [MEDIUM] CWE-532 CVE-2024-22352: IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that co IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 280361.

CVE-2023-50303 [MEDIUM] CWE-79 CVE-2023-50303: IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability all IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 273333.