CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
9.4%
An information disclosure vulnerability in InfoSphere Information Server was addressed.
CVEID:CVE-2024-37533
**DESCRIPTION:**IBM InfoSphere Information Server could disclose sensitive user information to another user with physical access to the machine.
CVSS Base score: 2.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294727 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
InfoSphere Information Server | 11.7 |
Product | VRMF | APAR | Remediation |
---|---|---|---|
InfoSphere Information Server, InfoSphere Information Server on Cloud | 11.7 | DT387193 |
| --Apply IBM InfoSphere Information Server version 11.7.1.0
--Apply InfoSphere Information Server version 11.7.1.5
--Apply InfoSphere DataStage security patch
Users of Information Server Manager should not check the “Save password” option while creating new connections.
To clean up connections that were previously created in this manner, clean the cache by following the steps for Information Server Manager, in the “Resolving The Problem” section of technote.
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | infosphere_information_server | 11.7 | cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:* |
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
9.4%