- Description
- Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly determine authorization, which allows remote authenticated users to gain privileges via unspecified vectors.
- Source
- psirt@us.ibm.com
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:N/A:N
- nvd@nist.gov
- CWE-287
- Hype score
- Not currently trending
- Comment
- -
- Impact
- Per: http://xforce.iss.net/xforce/xfdb/73287 "IBM InfoSphere Information Server could allow a remote authenticated attacker to gain elevated privileges due to insecure authentication controls."
- Solution
- Per: http://xforce.iss.net/xforce/xfdb/73287 "IBM InfoSphere Information Server could allow a remote authenticated attacker to gain elevated privileges due to insecure authentication controls."
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "317FAE67-76E2-4084-9393-8A02D255BAF5"
},
{
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA7096B4-291F-49BB-8DBC-E67AC901CF08"
},
{
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.5.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D547E88D-FE3F-4C90-B7D8-301A1449E9AB"
},
{
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.5.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5585D2C4-6575-4469-A6EF-CCDC3A0BEDB2"
},
{
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "42A9CF5C-79EC-4BBF-92AF-2AB3DC125684"
},
{
"criteria": "cpe:2.3:a:ibm:infosphere_information_server_information_services_framework:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "30D17035-67E7-4489-A3C0-CFC81C0A3835"
}
],
"operator": "OR"
}
]
}
]