Privilege escalation in IBM InfoSphere Information Server for Cloud - CVE-2017-1467
Published: September 13, 2017
Vulnerability identifier: #VU8420
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-1467
CWE-ID: CWE-285
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: IBM Corporation
Affected software:
IBM InfoSphere Information Server for Cloud
Detailed vulnerability description
The vulnerability allows a remote attacker to gain elevated privileges on the target system.
The weakness exists due to a weak authorization issue. A remote attacker can use man-in-the-middle techniques to replay certain DataStage commands without privileged access and gain elevated privileges.
Successful exploitation of the vulnerability results in privilege escalation or unauthorized access to the system.
How to mitigate CVE-2017-1467
Workarounds are available on the vendor's website.