CVSS: 3.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23472 – IBM InfoSphere Information Server information disclosure
https://notcve.org/view.php?id=CVE-2023-23472
11 Dec 2024 — IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server 11.7) could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system. • https://www.ibm.com/support/pages/node/6988167 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40705 – IBM InfoSphere Information Server denial of service
https://notcve.org/view.php?id=CVE-2024-40705
15 Aug 2024 — IBM InfoSphere Information Server could allow an authenticated user to consume file space resources due to unrestricted file uploads. IBM X-Force ID: 298279. • https://www.ibm.com/support/pages/node/7160855 • CWE-405: Asymmetric Resource Consumption (Amplification) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40704 – IBM InfoSphere Information Server information disclosure
https://notcve.org/view.php?id=CVE-2024-40704
15 Aug 2024 — IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive information from authentication request headers. IBM X-Force ID: 298277. • https://www.ibm.com/support/pages/node/7160853 • CWE-522: Insufficiently Protected Credentials •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39751 – IBM InfoSphere Information Server information disclosure
https://notcve.org/view.php?id=CVE-2024-39751
06 Aug 2024 — IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 297429 • https://exchange.xforce.ibmcloud.com/vulnerabilities/297429 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40689 – IBM InfoSphere Information Server SQL injection
https://notcve.org/view.php?id=CVE-2024-40689
26 Jul 2024 — IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. IBM X-Force ID: 297719. • https://www.ibm.com/support/pages/node/7160579 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37533 – IBM InfoSphere Information Server information disclosure
https://notcve.org/view.php?id=CVE-2024-37533
24 Jul 2024 — IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine. IBM X-Force ID: 294727. • https://exchange.xforce.ibmcloud.com/vulnerabilities/294727 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50964 – IBM InfoSphere Information Server cross-site scripting
https://notcve.org/view.php?id=CVE-2023-50964
30 Jun 2024 — IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 276102. IBM InfoSphere Information Server 11.7 es vulnerable a cross site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcional... • https://exchange.xforce.ibmcloud.com/vulnerabilities/276102 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28794 – IBM InfoSphere Information Server cross-site scripting
https://notcve.org/view.php?id=CVE-2024-28794
30 Jun 2024 — IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286831. IBM InfoSphere Information Server 11.7 es vulnerable a cross site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcional... • https://exchange.xforce.ibmcloud.com/vulnerabilities/286831 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50953 – IBM InfoSphere Information Server information disclosure
https://notcve.org/view.php?id=CVE-2023-50953
30 Jun 2024 — IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. IBM X-Force ID: 275775. IBM InfoSphere Information Server 11.7 podría permitir a un atacante remoto obtener información confidencial cuando se devuelve un mensaje de error técnico detallado. Esta información podría usarse en futuros ataques contra el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/275775 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50952 – IBM InfoSphere Information Server server-side request forgery
https://notcve.org/view.php?id=CVE-2023-50952
30 Jun 2024 — IBM InfoSphere Information Server 11.7 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 275774. IBM InfoSphere Information Server 11.7 es vulnerable a Server-Side Request Forgery (SSRF). Esto puede permitir que un atacante autenticado envíe solicitudes no autorizadas desde el sistema, lo que podría provocar la enumeración de la ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/275774 • CWE-918: Server-Side Request Forgery (SSRF) •