CVSS2: 7.5 High
Access Vector: NETWORK | Access Complexity: LOW | Authentication: NONE
Confidentiality Impact: PARTIAL | Integrity Impact: PARTIAL | Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
An Apache Taglibs vulnerability while processing XML data was addressed by IBM InfoSphere Information Server.
**CVEID:** CVE-2015-0254
**DESCRIPTION:** Apache Standard Taglibs could allow a remote attacker to execute arbitrary code on the system, caused by an XML External Entity Injection (XXE) error when processing XML data. By sending specially-crafted XML data, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101550 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
The following product, running on all supported platforms, is affected:
IBM InfoSphere Information Server: versions 8.5, 8.7, 9.1, 11.3, and 11.5
IBM InfoSphere Information Server Metadata Workbench: versions 8.7 and 9.1
Product | VRMF | APAR | Remediation/First Fix
—|—|—|—
InfoSphere Information Server | 11.5 | JR56172 | Apply IBM InfoSphere Information Server version 11.5.0.1<br>Apply IBM InfoSphere Information Server Framework Security Patch
InfoSphere Information Server | 11.3 | JR56172 | Apply IBM InfoSphere Information Server version 11.3.1.2<br>Apply IBM InfoSphere Information Server Framework Security Patch
InfoSphere Information Server, Metadata Workbench | 9.1 | JR56172<br>JR56270 | Apply IBM InfoSphere Information Server version 9.1.2.0<br>Apply IBM InfoSphere Information Server Framework Security Patch<br>Apply IBM InfoSphere Information Server Metadata Workbench Security patch
InfoSphere Information Server, Metadata Workbench | 8.7 | JR56172<br>JR56270 | Apply IBM InfoSphere Information Server version 8.7 Fix Pack 2<br>Apply IBM InfoSphere Information Server Framework Security Patch<br>Apply IBM InfoSphere Information Server Metadata Workbench Security patch
Note:
1. Some fixes require installing both a fix pack and a subsequent patch. While the fix pack must be installed first, any additional patches required may be installed in any order.
2. For IBM InfoSphere Information Server version 8.5, IBM recommends upgrading to a fixed, supported version/release/platform of the product.
None