This issue is due to session data being persisted without the required data sanitization. An attacker with privileged credentials could exploit this vulnerability to impersonate another user. The attacker cannot leverage the privilege of the session. This issue has been fixed in version 11.7.9.1.

CVE-2019-1685 An issue was discovered in IBM InfoSphere Information Server. In certain circumstances, an attacker could bypass an intended sign-on requirement to access multiple applications. This issue could occur when two applications are configured to share a common user identity. To exploit the issue, the attacker must trick a user into logging in to one of the applications. This is likely to happen through social engineering, since the user is not prompted to enter credentials for the other application. IBM X-Force ID: 236697.

CVE-2019-1687 An issue was discovered in IBM InfoSphere Information Server. An authenticated user could accidentally delete data from a table by issuing a delete statement against the table. The attacker must trick a user into issuing a statement that deletes data in the table, such as by sending an email with a crafted link. Since the table contains sensitive data, an attacker must possess that data in order to exploit this. This issue has been fixed in version 11.7.9.1.

CVE-2019-1689 An issue was discovered in IBM InfoSphere Information Server. An attacker could bypass an intended sign-on requirement to change the password

IBM InfoSphere Information Server

Security Enhancements
This release includes the following security enhancements:
IBM InfoSphere Information Server 11.7.9.1 fixes multiple vulnerabilities in IBM InfoSphere Information Server, including three that are rated "critical" and two that are rated "important".

IBM Information Server SDK 11.7.9.1

The IBM InfoSphere Information Server software updates contain a fix for CVE-2019-1689 and a workaround for CVE-2019-1685, which were previously reported in the IBM X-Force database. The InfoSphere Information Server SDK 11.7.9.1 also contains updates to these two vulnerabilities that were introduced in version 11.7.9, as well as fixes for CVE-2022-41291 and CVE-2023-47637, which were not previously reported in the X-Force database but were discovered during internal testing of the new release.


References