#VU8420 Privilege escalation in IBM InfoSphere Information Server for Cloud

Published: 2017-09-13

Vulnerability identifier: #VU8420

Vulnerability risk: Low

CVSSv3.1: 7.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:W/RC:C]

CVE-ID: CVE-2017-1467


Exploitation vector: Network

Exploit availability: No

Vulnerable software:
IBM InfoSphere Information Server for Cloud
Server applications / Other server solutions

Vendor: IBM Corporation

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The weakness exists due to weak authorization issue. A remote attacker can use man-in-the-middle techniques, replay certain DataStage commands without privileged access and gain
elevated privileges.

Successful exploitation of the vulnerability results in privilege escalation or unauthorized access to the system.

Workarounds are available on vendor's website.

Vulnerable software versions

IBM InfoSphere Information Server for Cloud: 9.1 - 11.5

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability