#VU83248 Permissions, Privileges, and Access Controls in IBM InfoSphere Information Server - CVE-2023-40363

Cybersecurity Help s.r.o.

Published: 2023-11-17

Vulnerability identifier: #VU83248

Vulnerability risk: Medium

CVSSv4.0: 5.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-40363

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
IBM InfoSphere Information Server
Server applications / Database software

Vendor: IBM Corporation

Description

The vulnerability allows a remote user to change installation files.

The vulnerability exists due to application does not properly impose security restrictions. A remote user can bypass security restrictions and change installation files.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

IBM InfoSphere Information Server: before 11.7.1.120

External links
https://www.ibm.com/support/pages/node/7070742

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Permissions, privileges, and access controls in InfoSphere Information Server