AVID-2026-R0811
Description
Vulnerability CVE-2021-29730
Details
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 201164.
Reason for inclusion in AVID: CVE-2021-29730 describes a SQL injection vulnerability in IBM InfoSphere Information Server 11.7, enabling remote attackers to view or modify backend data. Although not AI-specific, InfoSphere is a data integration/ETL tool commonly used in AI data pipelines for training and deployment. As such, a vulnerability in this data-processing component can impact the supply chain of general-purpose AI systems (data prep, ingestion, and pipeline integrity). The issue is a security vulnerability with clear exploitation potential.
References
- NVD entry
- https://www.ibm.com/support/pages/node/6468569
- https://exchange.xforce.ibmcloud.com/vulnerabilities/201164
Affected or Relevant Artifacts
- Developer: IBM
- Deployer: IBM
- Artifact Details:
| Type | Name |
|---|---|
| System | InfoSphere Information Server |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Metric | Value |
|---|---|
| Version | 3.0 |
| Vector String | CVSS:3.0/PR:L/AC:L/S:U/A:L/C:L/AV:N/I:L/UI:N/RL:O/RC:C/E:U |
| Base Score | 6.3 |
| Base Severity | 🟠 Medium |
| Attack Vector | NETWORK |
| Attack Complexity | 🟢 Low |
| Privileges Required | 🟢 Low |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | 🟢 Low |
| Integrity Impact | 🟢 Low |
| Availability Impact | 🟢 Low |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2021-07-09
- Version: 0.3.3
- AVID Entry