IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation processes that could expose sensitive information.
CVE-ID: CVE-2015-1901 DESCRIPTION: IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation processes that could expose sensitive information.
CVSS Base Score: 1.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101638 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:H/Au:N/C:P/I:N/A:N)
The following product, running on all supported platforms, are affected:
IBM InfoSphere Information Server: versions 8.5, 8.7, 9.1 and 11.3
Product
| VRMF|APAR|Remediation/First Fix
—|—|—|—
InfoSphere Information Server| 11.3| JR52549| --Use the IBM InfoSphere Information Server version _11.3.1.2 _ for new installations
--Update to the latest Updater for 11.3 before applying any patch
InfoSphere Information Server| 9.1| JR52549| --Before any new 9.1 install, or an Append Install to an existing 9.1 installation, download the 9.1.2.0 is-suite and apply Installer Patch against is-suite before running the install.
--Before applying any patch to an existing 9.1 installation, update to the latest Unified Update installer
InfoSphere Information Server| 8.7| JR52549| --Before any new 8.7 install, or an Append Install to an existing 8.7 installation, download the 8.7.0.2 is-suite and apply Installer Patch against is-suite before running the install
--Before applying any patch to an existing 8.7 installation, update to the latest Unified Update installer
InfoSphere Information Server| 8.5| JR52549| --Before any new 8.5 install, or an Append Install to an existing 8.5 installation, apply Installer Patch against the 8.5.0.0 is-suite before running the install
--Before applying any patch to an existing 8.5 installation, update to the latest Updater for 8.5
Note: The same fix may be listed under multiple vulnerabilities. Installing the fix addresses all vulnerabilities to which the fix applies. Also, some fixes require installing both a fix pack and a subsequent patch. While the fix pack must be installed first, any additional patches required may be installed in any order.
None