Ibm Infosphere Information Server vulnerabilities

CVE-2021-29747 [HIGH] CVE-2021-29747: IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain highly sensitive info IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain highly sensitive information due to a vulnerability in the authentication mechanism. IBM X-Force ID: 201775.

CVE-2020-4997 [MEDIUM] CWE-79 CVE-2020-4997: IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability all IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192914

CVE-2020-27583 [CRITICAL] CWE-502 CVE-2020-27583: IBM InfoSphere Information Server 8.5.0.0 is affected by deserialization of untrusted data which cou IBM InfoSphere Information Server 8.5.0.0 is affected by deserialization of untrusted data which could allow remote unauthenticated attackers to execute arbitrary code. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

CVE-2020-4886 [LOW] CWE-922 CVE-2020-4886: IBM InfoSphere Information Server 11.7 stores sensitive information in the browser's history that co IBM InfoSphere Information Server 11.7 stores sensitive information in the browser's history that could be obtained by a user who has access to the same system. IBM X-Force ID: 190910.

CVE-2020-4740 [MEDIUM] CWE-79 CVE-2020-4740: IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to HTML injection. A remote attacker c IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 188150.

CVE-2020-4741 [MEDIUM] CWE-79 CVE-2020-4741: IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to stored cross-site scripting. This v IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188197.

CVE-2020-4727 [MEDIUM] CWE-1021 CVE-2020-4727: IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action o IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.

CVE-2020-4702 [MEDIUM] CWE-79 CVE-2020-4702: IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerabil IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187187.

CVE-2020-4632 [MEDIUM] CWE-918 CVE-2020-4632: IBM InfoSphere Metadata Asset Manager 11.7 is vulnerable to server-side request forgery. By sending IBM InfoSphere Metadata Asset Manager 11.7 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to submit or control server requests. IBM X-Force ID: 185416.

CVE-2020-4305 [HIGH] CWE-502 CVE-2020-4305: IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to execute arbi IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176677.

CVE-2020-4286 [MEDIUM] CWE-352 CVE-2020-4286: IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site request forgery w IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176268.

CVE-2020-4298 [MEDIUM] CWE-79 CVE-2020-4298: IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This v IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176475.

CVE-2020-4384 [MEDIUM] CWE-79 CVE-2020-4384: IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This v IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 179265.

CVE-2020-4347 [HIGH] CWE-732 CVE-2020-4347: IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could be subject to attacks based on privileg IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could be subject to attacks based on privilege escalation due to inappropriate file permissions for files used by WebSphere Application Server Network Deployment. IBM X-Force ID: 178412.

CVE-2020-4162 [MEDIUM] CWE-79 CVE-2020-4162: IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to cross-site scripting. This vulnerab IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174342.

CVE-2013-0507 [HIGH] CWE-384 CVE-2013-0507: IBM InfoSphere Information Server 8.1, 8.5, 8.7, 9.1 has a Session Fixation Vulnerability IBM InfoSphere Information Server 8.1, 8.5, 8.7, 9.1 has a Session Fixation Vulnerability

CVE-2019-4237 [MEDIUM] CWE-79 CVE-2019-4237: A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. IBM X-Force ID: 159419.

CVE-2018-1845 [HIGH] CWE-611 CVE-2018-1845: IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Inject IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150905.

CVE-2019-4185 [HIGH] CVE-2019-4185: IBM InfoSphere Information Server 11.7.1 containers are vulnerable to privilege escalation due to an IBM InfoSphere Information Server 11.7.1 containers are vulnerable to privilege escalation due to an insecurely configured component. IBM X-Force ID: 158975.

CVE-2019-4257 [MEDIUM] CWE-209 CVE-2019-4257: IBM InfoSphere Information Server 11.5 and 11.7 is affected by an information disclosure vulnerabili IBM InfoSphere Information Server 11.5 and 11.7 is affected by an information disclosure vulnerability. Sensitive information in an error message may be used to conduct further attacks against the system. IBM X-Force ID: 159945.