History: Mar 21, 2022 - 11:07 p.m.

Security Bulletin: IBM InfoSphere Information Server may be vulnerable to various cross-site injection attacks CVE-2019-4727

www.ibm.com

Summary

Potential cross-site injection vulnerabilities were addressed in IBM InfoSphere Information Server.

Vulnerability Details

CVEID: CVE-2019-4727
DESCRIPTION: IBM InfoSphere Information Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 6.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/172364> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

The following products, running on all supported platforms, are affected:
IBM InfoSphere Information Server: versions 11.3, 11.5, 11.7
IBM InfoSphere Subscription Manager: versions 11.3, 11.5, 11.7
IBM InfoSphere Information Server on Cloud: versions 11.5, 11.7

Remediation/Fixes

Product | VRMF | APAR | Remediation/First Fix
---|---|---|---
InfoSphere Information Server, Subscription Manager, Information Server on Cloud | 11.7 | JR61685 | --Apply InfoSphere Information Server version 11.7.1.0<br>--Apply InfoSphere Information Server 11.7.1.0 Fix Pack 1<br>--For InfoSphere DataStage, apply Information Server 11.7.1.1 Service Pack 1
InfoSphere Information Server, Subscription Manager, Information Server on Cloud | 11.5 | JR61685 | --Apply InfoSphere Information Server version 11.5.0.2<br>--Apply IBM InfoSphere Information Server 11.5.0.2 Service Pack 6<br>--Apply InfoSphere Information Server Framework Security patch<br>--Apply InfoSphere Information Analyzer Security patch<br>--Apply InfoSphere Subscription Manager Security patch<br>--Apply InfoSphere Metadata Asset Manager Security patch<br>--Apply InfoSphere Information Governance Catalog Security patch<br>--For InfoSphere DataStage, Data Quality Exception Console, upgrade to a fixed release
InfoSphere Information Server, Subscription Manager | 11.3 | JR61685 | --Upgrade to a release containing the fix

Contact Technical Support:
In the United States and Canada dial 1-800-IBM-SERV
View the support contacts for other countries outside of the United States.
Electronically open a Service Request with Information Server Technical Support.

Workarounds and Mitigations

None
