InfoSphere Information Server CVE-2024-7577

MEDIUM 4.4 (CVSS 3.1 · NVD)
Insertion of Sensitive Information into Log File (CWE-532)
2025-03-29 psirt@us.ibm.com

Severity by source

NVD PRIMARY
4.4 MEDIUM
AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Lifecycle Timeline

Analysis Generated: Mar 28, 2026 - 18:33 (vuln.today)
CVE Published: Mar 29, 2025 - 00:15 (nvd), MEDIUM 4.4

Description (CVE.org)

IBM InfoSphere Information Server 11.7 could disclose sensitive user credentials from log files during new installation of the product.

Analysis (AI)

IBM InfoSphere Information Server 11.7 could disclose sensitive user credentials from log files during new installation of the product. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Technical Context (AI)

This vulnerability is classified under CWE-532. IBM InfoSphere Information Server 11.7 could disclose sensitive user credentials from log files during new installation of the product. Affected products include: IBM InfoSphere Information Server.

Remediation (AI)

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2024-51459 HIGH
8.4 Mar 19

IBM InfoSphere Information Server 11.7 could allow a local user to execute privileged commands due to the improper handl

CVE-2025-0966 HIGH
7.6 Jun 25

CVE-2025-0966 is a SQL injection vulnerability in IBM InfoSphere Information Server 11.7 that allows authenticated remot

CVE-2025-3221 HIGH
7.5 Jun 21

IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 contain a denial of service vulnerability caused by

CVE-2026-1567 HIGH
7.1 Mar 03

InfoSphere Information Server versions up to 11.7.1.6 are affected by improper restriction of XML external entity referen

CVE-2025-1499 MEDIUM
6.5 Jun 01

IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext paramete

CVE-2024-22351 MEDIUM
6.3 Apr 23

IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an authenticated user

CVE-2024-43186 MEDIUM
5.3 Mar 29

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that is stored

CVE-2025-36034 MEDIUM
5.3 Jun 26

IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in

CVE-2025-12832 MEDIUM
4.6 Dec 08

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This ma

CVE-2024-51477 MEDIUM
4.3 Mar 29

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive username information due to an o

CVE-2025-25045 MEDIUM
4.3 Apr 23

IBM InfoSphere Information 11.7 Server authenticated user to obtain sensitive information when a detailed technical erro

CVE-2025-3629 MEDIUM
4.3 Jun 21

CVE-2025-3629 is a security vulnerability (CVSS 4.3) that allows an authenticated user. Remediation should follow standa
