CVE-2012-0701

2013-01-3112:06:17

CWE-264

[email protected]

web.nvd.nist.gov

ibm

infosphere

datastage

information server

cve-2012-0701

security

vulnerability

access control

remote

authentication

6.4 Medium

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

55.5%

JSON

The client applications in the DataStage Administrator client in InfoSphere DataStage in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 rely on client-side access control, which allows remote authenticated users to gain privileges via unspecified vectors.

Affected configurations

NVD

Node

ibminfosphere_datastageMatch-

ibminfosphere_information_serverMatch8.1

ibminfosphere_information_serverMatch8.5

ibminfosphere_information_serverMatch8.5.0.1

ibminfosphere_information_serverMatch8.5.0.2

ibminfosphere_information_serverMatch8.7

CPENameOperatorVersion
ibm:infosphere_datastageibm infosphere datastageeq-
ibm:infosphere_information_serveribm infosphere information servereq8.1
ibm:infosphere_information_serveribm infosphere information servereq8.5
ibm:infosphere_information_serveribm infosphere information servereq8.5.0.1
ibm:infosphere_information_serveribm infosphere information servereq8.5.0.2
ibm:infosphere_information_serveribm infosphere information servereq8.7

CPE	Name	Operator	Version
ibm:infosphere_datastage	ibm infosphere datastage	eq	-
ibm:infosphere_information_server	ibm infosphere information server	eq	8.1
ibm:infosphere_information_server	ibm infosphere information server	eq	8.5
ibm:infosphere_information_server	ibm infosphere information server	eq	8.5.0.1
ibm:infosphere_information_server	ibm infosphere information server	eq	8.5.0.2
ibm:infosphere_information_server	ibm infosphere information server	eq	8.7