107 results (0.007 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

IBM InfoSphere Information Server could allow an authenticated user to consume file space resources due to unrestricted file uploads. IBM X-Force ID: 298279. • https://www.ibm.com/support/pages/node/7160855 https://exchange.xforce.ibmcloud.com/vulnerabilities/298279 • CWE-405: Asymmetric Resource Consumption (Amplification) •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0

IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive information from authentication request headers. IBM X-Force ID: 298277. • https://www.ibm.com/support/pages/node/7160853 https://exchange.xforce.ibmcloud.com/vulnerabilities/298277 • CWE-522: Insufficiently Protected Credentials •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 297429 • https://exchange.xforce.ibmcloud.com/vulnerabilities/297429 https://www.ibm.com/support/pages/node/7160580 • CWE-209: Generation of Error Message Containing Sensitive Information •

CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. IBM X-Force ID: 297719. • https://www.ibm.com/support/pages/node/7160579 https://exchange.xforce.ibmcloud.com/vulnerabilities/297719 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 2.4EPSS: 0%CPEs: 1EXPL: 0

IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine. IBM X-Force ID: 294727. • https://exchange.xforce.ibmcloud.com/vulnerabilities/294727 https://www.ibm.com/support/pages/node/7159173 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •