There are multiple vulnerabilities in Open Source Apache WSS4J that is used by IBM InfoSphere DataStage Web services pack.
CVE-ID: CVE-2015-0226 DESCRIPTION: Apache WSS4J could allow a remote attacker to obtain sensitive information, caused by Bleichenbacherβs attack on XML Encryption. By sending a specially-crafted message, an attacker could exploit this vulnerability to decrypt the key and obtain sensitive information.
CVSS Base Score: 5.000
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/100836 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVE-ID: CVE-2015-0227 DESCRIPTION: Apache WSS4J could allow a remote attacker to bypass security restrictions, caused by the failure to properly enforce the requireSignedEncryptedDataElements property. An attacker could exploit this vulnerability using various types of wrapping attacks to bypass security restrictions and perform unauthorized actions.
CVSS Base Score: 5.000
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/100837 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
The following product, running on all supported platforms, are affected:
IBM InfoSphere DataStage Web services Pack: versions 9.1 and 11.3
Product
| VRMF|APAR|Remediation/First Fix
β|β|β|β
InfoSphere DataStage Web services Pack| 11.3| JR52755| --Apply IBM InfoSphere DataStage Web services Pack Security Patch
InfoSphere DataStage Web services Pack| 9.1| JR52755| --Apply IBM InfoSphere DataStage Web services Pack Security Patch
Note: The same fix may be listed under multiple vulnerabilities. Installing the fix addresses all vulnerabilities to which the fix applies. Also, some fixes require installing both a fix pack and a subsequent patch. While the fix pack must be installed first, any additional patches required may be installed in any order.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm infosphere datastage | eq | 9.1 | |
ibm infosphere datastage | eq | 11.3 | |
ibm infosphere datastage | eq | 9.1 | |
ibm infosphere datastage | eq | 11.3 |