Ibm Infosphere Information Server vulnerabilities

CVE-2019-4220 [MEDIUM] CWE-798 CVE-2019-4220: IBM InfoSphere Information Server 11.7.1.0 stores a common hard coded encryption key that could be u IBM InfoSphere Information Server 11.7.1.0 stores a common hard coded encryption key that could be used to decrypt sensitive information. IBM X-Force ID: 159229.

CVE-2019-4238 [MEDIUM] CWE-79 CVE-2019-4238: IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This v IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159464.

CVE-2018-1994 [CRITICAL] CWE-89 CVE-2018-1994: IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to SQL injection. A remote attacker co IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 154494.

CVE-2018-1906 [MEDIUM] CVE-2018-1906: IBM InfoSphere Information Server 11.3, 11.5, and 11.7could allow an authenticated user to download IBM InfoSphere Information Server 11.3, 11.5, and 11.7could allow an authenticated user to download code using a specially crafted HTTP request. IBM X-Force ID: 152663.

CVE-2018-1917 [MEDIUM] CWE-200 CVE-2018-1917: IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an authenticated user to access J IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an authenticated user to access JSP files and disclose sensitive information. IBM X-Force ID: 152784.

CVE-2018-1899 [MEDIUM] CVE-2018-1899: IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an attacker to change one of the IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an attacker to change one of the settings related to InfoSphere Business Glossary Anywhere due to improper access control. IBM X-Force ID: 152528.

CVE-2018-1727 [CRITICAL] CWE-611 CVE-2018-1727: IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity I IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 147630.

CVE-2018-1701 [HIGH] CVE-2018-1701: IBM InfoSphere Information Server 11.7 could allow an authenciated user under specialized conditions IBM InfoSphere Information Server 11.7 could allow an authenciated user under specialized conditions to inject commands into the installation process that would execute on the WebSphere Application Server. IBM X-Force ID: 145970.

CVE-2018-1895 [MEDIUM] CWE-79 CVE-2018-1895: IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This v IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152159.

CVE-2018-1518 [MEDIUM] CWE-326 CVE-2018-1518: IBM InfoSphere Information Server 11.7 is affected by a weak password encryption vulnerability that IBM InfoSphere Information Server 11.7 is affected by a weak password encryption vulnerability that could allow a local user to obtain highly sensitive information. IBM X-Force ID: 141682.

CVE-2017-1350 [HIGH] CVE-2017-1350: IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 could allow a user to escalate their pri IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 could allow a user to escalate their privileges to administrator due to improper access controls. IBM X-Force ID: 126526.

CVE-2018-1432 [MEDIUM] CWE-352 CVE-2018-1432: IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting w IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML iframe tag on a malicious page. The attacker could use this weakness to devise a Clickjacking attack to conduct phishing, frame sniffing, social enginee

CVE-2018-1454 [MEDIUM] CWE-319 CVE-2018-1454: IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to obtain sensi IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 140089.

CVE-2016-0250 [MEDIUM] CWE-611 CVE-2016-0250: XML external entity (XXE) vulnerability in IBM InfoSphere Information Governance Catalog 11.3 before XML external entity (XXE) vulnerability in IBM InfoSphere Information Governance Catalog 11.3 before 11.3.1.2 and 11.5 before 11.5.0.1 allows remote authenticated users to read arbitrary files or cause a denial of service via crafted XML data. IBM X-Force ID: 110510.

CVE-2017-1469 [HIGH] CWE-94 CVE-2017-1469: IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated priv IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. IBM X-Force ID: 128468.

CVE-2017-1383 [CRITICAL] CWE-611 CVE-2017-1383: IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity Injecti IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 127155.

CVE-2017-1468 [HIGH] CVE-2017-1468: IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated priv IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. IBM X-force ID: 128467.

CVE-2017-1467 [HIGH] CVE-2017-1467: A network layer security vulnerability in InfoSphere Information Server 9.1, 11.3, and 11.5 can lead A network layer security vulnerability in InfoSphere Information Server 9.1, 11.3, and 11.5 can lead to privilege escalation or unauthorized access. IBM X-Force ID: 128466.

CVE-2017-1495 [MEDIUM] CWE-119 CVE-2017-1495: IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a privileged user to cause a memor IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a privileged user to cause a memory dump that could contain highly sensitive information including access credentials. IBM X-Force ID: 128693.

CVE-2017-1321 [MEDIUM] CWE-79 CVE-2017-1321: IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. This vu IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125916.