CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40705 – IBM InfoSphere Information Server denial of service
https://notcve.org/view.php?id=CVE-2024-40705
IBM InfoSphere Information Server could allow an authenticated user to consume file space resources due to unrestricted file uploads. IBM X-Force ID: 298279. • https://www.ibm.com/support/pages/node/7160855 https://exchange.xforce.ibmcloud.com/vulnerabilities/298279 • CWE-405: Asymmetric Resource Consumption (Amplification) •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40704 – IBM InfoSphere Information Server information disclosure
https://notcve.org/view.php?id=CVE-2024-40704
IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive information from authentication request headers. IBM X-Force ID: 298277. • https://www.ibm.com/support/pages/node/7160853 https://exchange.xforce.ibmcloud.com/vulnerabilities/298277 • CWE-522: Insufficiently Protected Credentials •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39751 – IBM InfoSphere Information Server information disclosure
https://notcve.org/view.php?id=CVE-2024-39751
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 297429 • https://exchange.xforce.ibmcloud.com/vulnerabilities/297429 https://www.ibm.com/support/pages/node/7160580 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40689 – IBM InfoSphere Information Server SQL injection
https://notcve.org/view.php?id=CVE-2024-40689
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. IBM X-Force ID: 297719. • https://www.ibm.com/support/pages/node/7160579 https://exchange.xforce.ibmcloud.com/vulnerabilities/297719 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 2.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37533 – IBM InfoSphere Information Server information disclosure
https://notcve.org/view.php?id=CVE-2024-37533
IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine. IBM X-Force ID: 294727. • https://exchange.xforce.ibmcloud.com/vulnerabilities/294727 https://www.ibm.com/support/pages/node/7159173 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •