Multiple vulnerabilities in IBM InfoSphere Information Server



Risk Low
Patch available NO
Number of vulnerabilities 3
CVE-ID CVE-2017-1467
CVE-2017-1468
CVE-2017-1383
CWE-ID CWE-285
CWE-426
CWE-611
Exploitation vector Network
Public exploit N/A
Vulnerable software
 IBM InfoSphere Information Server for Cloud
Server applications / Other server solutions

Vendor IBM Corporation

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Privilege escalation

EUVDB-ID: #VU8420

Risk: Low

CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-1467

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The weakness exists due to weak authorization issue. A remote attacker can use man-in-the-middle techniques, replay certain DataStage commands without privileged access and gain
elevated privileges.

Successful exploitation of the vulnerability results in privilege escalation or unauthorized access to the system.

Mitigation

Workarounds are available on vendor's website.

Vulnerable software versions

IBM InfoSphere Information Server for Cloud: 9.1 - 11.5

CPE2.3 External links

https://www-01.ibm.com/support/docview.wss?uid=swg22006063


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Untrusted search path

EUVDB-ID: #VU8421

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-1468

CWE-ID: CWE-426 - Untrusted Search Path

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to untrusted search path element. A local attacker can place arbitrary .dll files in installation directories and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Workarounds are available on vendor's website.

Vulnerable software versions

IBM InfoSphere Information Server for Cloud: 9.1 - 11.5

CPE2.3 External links

https://www-01.ibm.com/support/docview.wss?uid=swg22006067


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) XXE attack

EUVDB-ID: #VU8422

Risk: Low

CVSSv4.0: 6.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-1383

CWE-ID: CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Exploit availability: No

Description

The vulnerability allows a remote attacker to conduct XXE attack.

The weakness exists in the encryption library due to improper handling of XML External Entity (XXE) entries when parsing an XML file. A remote attacker can send manipulated XML data and gain access to arbitrary data or consume memory resources.

Successful exploitation of the vulnerability results in information disclosure.

Mitigation

Workarounds are available on vendor's website.

Vulnerable software versions

IBM InfoSphere Information Server for Cloud: 9.1 - 11.5

CPE2.3 External links

https://www-01.ibm.com/support/docview.wss?uid=swg22005803


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###