#VU8420 Privilege escalation in IBM InfoSphere Information Server for Cloud - CVE-2017-1467
Published: September 13, 2017
Vulnerability identifier: #VU8420
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-1467
CWE-ID: CWE-285
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
IBM InfoSphere Information Server for Cloud
IBM InfoSphere Information Server for Cloud
Software vendor:
IBM Corporation
IBM Corporation
Description
The vulnerability allows a remote attacker to gain elevated privileges on the target system.
The weakness exists due to weak authorization issue. A remote attacker can use man-in-the-middle techniques, replay certain DataStage commands without privileged access and gain
elevated privileges.
Successful exploitation of the vulnerability results in privilege escalation or unauthorized access to the system.
The weakness exists due to weak authorization issue. A remote attacker can use man-in-the-middle techniques, replay certain DataStage commands without privileged access and gain
elevated privileges.
Successful exploitation of the vulnerability results in privilege escalation or unauthorized access to the system.
Remediation
Workarounds are available on vendor's website.