ibm infosphere_information_server の CVE（188 件）

CVE 件数: 188 CPE versions: View versions table

概要

本ページは ibm infosphere_information_server に影響する公開済み CVE（NVD の CPE 経由で関連付け）を列挙します。各行に深刻度指標・概要・公開日が含まれます。

CVE	概要	ソース	CVSS 最大値	EPSS（%）	公開	更新
CVE-2026-2485	IBM Infosphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.	[email protected]	4.8	0.19%	2026-03-25	2026-06-17
CVE-2026-2484	IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information exposure vulnerability caused by overly verbose error messages	[email protected]	4.3	0.28%	2026-03-25	2026-06-17
CVE-2026-2483	IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session	[email protected]	5.4	0.21%	2026-03-25	2026-06-17
CVE-2026-1262	IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability.	[email protected]	4.3	0.24%	2026-03-25	2026-06-17
CVE-2026-1015	IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.	[email protected]	5.4	0.21%	2026-03-25	2026-06-17
CVE-2026-1014	IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exposure of sensitive information via JSON server response manipulation.	[email protected]	6.5	0.21%	2026-03-25	2026-06-17
CVE-2025-36422	IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 IBM InfoSphere DataStage Flow Designer is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.	[email protected]	4.3	0.14%	2026-03-25	2026-06-17
CVE-2025-36258	IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user.	[email protected]	7.1	0.15%	2026-03-25	2026-06-17
CVE-2025-14974	IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference (IDOR).	[email protected]	5.7	0.33%	2026-03-25	2026-06-17
CVE-2025-14912	IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.	[email protected]	5.4	0.22%	2026-03-25	2026-06-17
CVE-2025-14810	IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 does not invalidate a session after privileges have been modified which could allow an authenticated user to retain access to sensitive information. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CWE: CWE-613: Insufficient Session Expiration CVSS Source: IBM CVSS Base score: 6.3 CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)	[email protected]	6.3	0.24%	2026-03-25	2026-06-17
CVE-2025-14808	IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques.	[email protected]	3.1	0.22%	2026-03-25	2026-06-17
CVE-2025-14807	IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.	[email protected]	6.5	0.22%	2026-03-25	2026-06-17
CVE-2025-14790	IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information due to insufficiently protected credentials.	[email protected]	6.5	0.20%	2026-03-25	2026-06-17
CVE-2026-1567	IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 An XML External Entity (XXE) vulnerability in IBM InfoSphere Information Server could allow attackers to retrieve sensitive information from the server.	[email protected]	7.1	0.31%	2026-03-03	2026-06-17
CVE-2026-1265	IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to writing of sensitive Information in a log file.	[email protected]	4.3	0.19%	2026-03-03	2026-06-17
CVE-2025-12832	IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.	[email protected]	4.6	0.17%	2025-12-08	2026-06-17
CVE-2025-12531	IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.	[email protected]	7.1	0.76%	2025-11-03	2026-06-17
CVE-2025-33003	IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a non-root user to gain higher privileges/capabilities within the scope of a container due to execution with unnecessary privileges.	[email protected]	7.8	0.11%	2025-10-31	2026-06-17
CVE-2025-36245	IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input.	[email protected]	8.8	0.41%	2025-09-29	2026-06-17

cvelogic Threat Intelligence