Vulnerability identifier: #VU94667
Vulnerability risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-639
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
IBM InfoSphere Information Server
Server applications /
Database software
Vendor:
Description
The vulnerability allows a remote user to gain access to bypass authentication process or modify data on the system.
The vulnerability exists due to insecure direct object references. An authenticated user can exploit this vulnerability to read or modify sensitive information by bypassing authentication using insecure direct object references.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
External links
http://www.ibm.com/support/pages/node/7158425
http://exchange.xforce.ibmcloud.com/vulnerabilities/288182
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.