IBM recommends users update to the latest version 11.7.1.1 or 11.7.2 as soon as possible. Users who are using a version prior to 11.7 may be impacted. If you are using an older version and wish to upgrade, IBM recommends immediately removing all user-generated data from InfoSphere Information Server. This is necessary to limit the risk of any data being used to launch further attacks.

CVE information: CVE-2017-7524 CVE-2017-7525 CVE-2017-7526 CVE-2017-7527 CVE-2017-7528 CVE-2017-7529 CVE-2017-7530 CVE-2017-7531 CVE-2017-7532 CVE-2017-7533 CVE-2017-7534 CVE-2017-7535 CVE-2017-7536 CVE-2017-7537 CVE-2017-7538 CVE-2017-7539 CVE-2017-7540 CVE-2017-7541 CVE-2017-7542 CVE-2017-7543 CVE-2017-7544 CVE-2017-7545 CVE-2017-7546 CVE-2017-7547 CVE-2017-7548 CVE-2017-7549 CVE-2017-7550 CVE-2017-7551 CVE-2017-7552 CVE-2017-7553 CVE-2017-7554 CVE-2017-7555 CVE-2017-7556 CVE-2017-7557 CVE-2017-7558

Overview

A vulnerability has been identified in IBM InfoSphere Information Server software, which could allow remote code execution. The vulnerability is contained in the application-level input validation functionality of the affected software.

The vulnerability is due to a flaw in the application-level input validation functionality of the affected software. This function performs the following:
- validates that pointers are within the bounds of an allocated data structure by performing bounds checking on all array accesses and pointer dereferences;
- validates that memory blocks are properly aligned during heap allocation;
- validates that strings are properly null terminated;
- ensures that arrays are not accessed beyond their boundaries by performing bounds checking on all array accesses and pointer dereferences;
- performs a memory leak check after freeing memory blocks.

IBM InfoSphere Information Server 11.7.1.1 or 11.7.2

The latest version of InfoSphere Information Server (11.7.1.1) addresses a vulnerability that could allow unauthorized access to the information server.
It is important that you update your software as soon as possible. You should also remove all user-generated data from the InfoSphere Information Server in order to limit the risk of any future attacks on this product.

IBM InfoSphere Information Server V11.7.1.1

IBM InfoSphere Information Server V11.7.1.1 provides a more secure and reliable way to access and share information for customers, partners, and employees of your organization. It includes security patches for CVEs (Common Vulnerabilities and Exposures) up to November 2017. The following CVEs are resolved by this release:
- CVE-2017-7524: Cross Site Scripting (XSS) vulnerability on InfoSphere DataStage
- CVE-2017-7525: Insufficient input validation vulnerability on InfoSphere DataStage
- CVE-2017-7526: Security update for IBM Security AppScan Enterprise Version 7.x.x
- CVE-2017-7527: Unspecified vulnerability affecting IBM Security AppScan Enterprise Version 7.x.x
- CVE-2017-7528: Cross Site Scripting (XSS) vulnerability in IBM Security AppScan Enterprise Version 7.x.x
- CVE-2017-7529: Unauthorized access to a file from the Content Server module within IBM Security AppScan Enterprise Version 7.2 or earlier, through version 7.3 or later

"CVE" is an abbreviation for "Common Vulnerabilities and Exposures." These entries can be found at https://www.cve.mitre.org/cve/CVE/

IBM InfoSphere Information Server Vulnerabilities

IBM (International Business Machines) has released a security alert for the vulnerability CVE-2017-7548. This vulnerability impacts InfoSphere Information Server running on Linux and AIX platforms, versions 11.7 or 11.7.1, which were released in March 2017.

This vulnerability allows an attacker to escalate privileges in order to run arbitrary code on the system, which may allow the installation of malware and unauthorized access to data.

IBM recommends users update to the latest version 11.7.1.1 or 11.7.2 as soon as possible.

Vulnerability Summary

A vulnerability in InfoSphere Information Server (InfoSphere IS) 11.7, 11.7.1, and 11.7.2 has been identified and patched for the following releases:
- InfoSphere Information Server (Version 11.7)
- InfoSphere Information Server (Version 11.7.1)
- InfoSphere Information Server (Version 11.7.2)

Timeline

Published on: 10/07/2022 17:15:00 UTC
Last modified on: 10/09/2022 02:34:00 UTC

References