The IBM InfoSphere DataClick administration and reporting console contains multiple security vulnerabilities. Note: IBM InfoSphere DataClick 10.0 is provided with IBM BigInsights version 2.0 and is not separately available.
CVE ID: CVE-2013-3034
DESCRIPTION:
An attacker can trick a user into inserting a malformed URL address into a browser or clicking on a malformed URL link and exploit a cross-site scripting vulnerability or an HTML injection vulnerability in the InfoSphere Information Server administration and reporting console to gain unauthorized access or collect sensitive information.
CVSS:
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/84646 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)
CVE ID: CVE-2013-3040
DESCRIPTION:
Failed login attempts separately identify invalid usernames and passwords, enabling sequential brute force attempts to identify valid usernames and passwords.
CVSS:
CVSS Base Score: 5.0
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/84765 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVE ID: CVE-2013-0599
DESCRIPTION:
The IBM InfoSphere Information Server help system could disclose sensitive information about the help system's implementation when an attacker sends a specially-crafted URL.
CVSS:
CVSS Base Score: 5.0
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/83613 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVE ID: CVE-2013-4057
DESCRIPTION:
Due to insufficient safeguards against cross-site request forgery in Information Server XML Pack, an attacker can trick a legitimate user into opening a URL that results in an action being taken as that user, potentially without the knowledge of that user. Any actions taken require the user to already be logged into the DataStage designer or to authenticate separately as part of the attack.
CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/86546 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVE ID: CVE-2013-4058
DESCRIPTION:
Information Server's metadata repository is exposed to blind SQL injection attacks through various Information Server web interfaces.
CVSS:
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/86547 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CVE ID: CVE-2013-4059
DESCRIPTION:
Various Information Server web interfaces are vulnerable to content-spoofing and cross-site scripting allowing attackers to gain unauthorized access or collect sensitive information.
CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/86548 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVE ID: CVE-2013-4066
DESCRIPTION:
By overlaying the Web Console interface with a different interface and inducing a user to perform mouse clicks and keystrokes, an attacker can cause a user to unwittingly carry out unintended actions within the Web Console.
CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/86597 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVE ID: CVE-2013-4067
DESCRIPTION:
An attacker can steal or manipulate customer session and cookies, or persuade a naive user to supply sensitive information such as username or password.
CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/86598 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
AFFECTED PRODUCTS AND VERSIONS:
IBM InfoSphere Data Click version 10.0 running on Linux
REMEDIATION/FIXES:
Product | VRMF | APAR | Remediation/First Fix
---|---|---|---
InfoSphere Data Click | 10.0 | JR46529, JR46682, JR46685, JR47055, JR47357, JR48815, JR49200, JR49206 | Contact IBM customer support to obtain the fix.
WORKAROUNDS AND MITIGATIONS:
None known, apply fixes