Security Bulletin: Information Server Connector Migration Tool allows a user with limited role to create/modify/replace some jobs (CVE-2015-0180)

Summary

A user with limited role may be able to create/modify/delete specific types of jobs.

Vulnerability Details

CVEID:CVE-2015-0180**
DESCRIPTION**: IBM Information Server Connector Migration Tool could allow a user with limited role to create/modify/delete specific types of jobs that they do not have access to.

CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/100946 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)** **

Affected Products and Versions

The following product, running on all supported platforms, are affected:
IBM InfoSphere Information Server: versions 8.1 to 11.3

Remediation/Fixes

Product

| VRMF|APAR|Remediation/First Fix
—|—|—|—
InfoSphere Information Server Connector Migration Tool| 11.3| JR51665| --Apply IBM InfoSphere Connector Migration Tool Security Patch
InfoSphere Information Server Connector Migration Tool| 9.1| JR51665| --Apply IBM InfoSphere Connector Migration Tool Security Patch
InfoSphere Information Server Connector Migration Tool| 8.7| JR51665| --Apply IBM InfoSphere Connector Migration Tool Security Patch
InfoSphere Information Server Connector Migration Tool| 8.5| JR51665|
--Apply IBM InfoSphere Connector Migration Tool Security Patch
InfoSphere Information Server Connector Migration Tool| 8.1| JR51665| Contact IBM customer support.

Note: The same fix may be listed under multiple vulnerabilities. Installing the fix addresses all vulnerabilities to which the fix applies. Also, some fixes require installing both a fix pack and a subsequent patch. While the fix pack must be installed first, any additional patches required may be installed in any order.

Workarounds and Mitigations

None