Vulnerability identifier: #VU8420
Vulnerability risk: Low
CVSSv3.1: 7.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:W/RC:C]
CVE-ID:
CWE-ID: CWE-285
Exploitation vector: Network
Exploit availability: No
Vulnerable software: IBM InfoSphere Information Server for Cloud
Category: Server applications / Other server solutions
Vendor: IBM Corporation
Description
The vulnerability allows a remote attacker to gain elevated privileges on the target system.
The weakness exists due to weak authorization. A remote attacker can use man-in-the-middle techniques, replay certain DataStage commands without privileged access, and gain elevated privileges.
Successful exploitation of the vulnerability results in privilege escalation or unauthorized access to the system.
Mitigation
Workarounds are available on the vendor's website.
Vulnerable software versions
IBM InfoSphere Information Server for Cloud: 9.1 - 11.5
External links
http://www-01.ibm.com/support/docview.wss?uid=swg22006063
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.