Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM0CCFE93E455C8E4473254160BFD6F404D01C9F706AEF24F4278E9952B2E36219
HistoryApr 12, 2021 - 3:56 p.m.

Security Bulletin: IBM InfoSphere Information Server has a network layer security vulnerability

2021-04-1215:56:14
www.ibm.com
15
ibm infosphere
information server
security vulnerability
privilege escalation
unauthorized access
cve-2017-1467
cvss
affected products
versions
mitigation
access controls
trusted networks
monitor access
communication limit.

EPSS

0.002

Percentile

61.6%

JSON

Summary

A network layer security vulnerability in InfoSphere Information Server can lead to privilege escalation or unauthorized access.

An unauthorized user could intercept and view communication between client and server. They could also modify or replay certain DataStage commands to get unauthenticated access to the server.

Vulnerability Details

CVEID: CVE-2017-1467 DESCRIPTION: A network layer security vulnerability in InfoSphere Information Server can lead to privilege escalation or unauthorized access.
CVSS Base Score: 8.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/128466 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

The following products, running on all supported platforms, are affected:
IBM InfoSphere Information Server: versions 9.1, 11.3, 11.5 and 11.7
IBM InfoSphere Information Server on Cloud: version 11.5

Remediation/Fixes

None

Workarounds and Mitigations

Mitigation Steps:

ā€¢ Maintain strict and audited access controls to the DataStage client machines.
For guidance on credential mapping:
https://www.ibm.com/support/knowledgecenter/en/SSZJPZ_11.5.0/com.ibm.swg.im.iis.found.admin.common.doc/topics/admsec_engine_security_and_credential_mapping.html
For a detailed description of Roles, Groups and tasks that can be done:
https://www.ibm.com/developerworks/community/files/basic/anonymous/api/library/0e088c99-9f24-4c5c-a79a-a65ab8323565/document/499cdb07-a12e-43d3-9314-e36e24c148de/media/Administrator Pg. 16-Pg 19

ā€¢ Limit communication between DataStage Windows Client and Server to be via trusted networks (VPN, Firewall, Private Networks) only

ā€¢ Monitor access from DataStage Windows Client to DataStage Server

ā€¢ DataStage Client and Server requires a single port to be opened (default 31538) for communication. Limit opening any other ports between client and server as documented: https://www.ibm.com/support/knowledgecenter/en/SSZJPZ_11.5.0/com.ibm.swg.im.iis.productization.iisinfsv.install.doc/topics/wsisinst_pln_networks.html

Related

prion 1
nvd 1
cvelist 1
cve 1
zdt 1
packetstorm 1
ibm 1
prion
prion
Design/Logic Flaw
2017-08-02 17:29:00
nvd
nvd
CVE-2017-1467
2017-08-02 17:29:00
cvelist
cvelist
CVE-2017-1467
2017-08-02 17:00:00
cve
cve
CVE-2017-1467
2017-08-02 17:29:00
zdt
zdt
IBM Infosphere Information Server / Datastage 11.5 Command Execution / Bypass Vulnerabilities
2017-09-15 00:00:00
packetstorm
packetstorm
IBM Infosphere Information Server / Datastage 11.5 Command Execution / Bypass
2017-09-15 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities affect the IBM Storwize V7000 Unified
2018-06-18 00:51:30

EPSS

0.002

Percentile

61.6%

JSON
Related for 0CCFE93E455C8E4473254160BFD6F404D01C9F706AEF24F4278E9952B2E36219
prion1nvd1cvelist1cve1zdt1packetstorm1ibm1