Security Bulletin: IBM InfoSphere Information Analyzer and Information Governance Catalog is affected by an Information Disclosure vulnerability

Summary

An Information Disclosure vulnerability was addressed by IBM InfoSphere Information Analyzer and Information Governance Catalog.

Vulnerability Details

CVEID: CVE-2019-4257 DESCRIPTION: IBM InfoSphere Information Analyzer is affected by an information disclosure vulnerability. Sensitive information in an error message may be used to conduct further attacks against the system.
CVSS Base Score: 4.3
CVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/159945&gt;_ for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

The following products, running on all supported platforms, are affected:
IBM InfoSphere Information Analyzer : versions 11.5, 11.7
IBM InfoSphere Information Governance Catalog: versions 11.5, 11.7
IBM InfoSphere Information Server on Cloud: versions 11.5, 11.7

Remediation/Fixes

Product

|

VRMF

|

APAR

|

Remediation/First Fix

—|—|—|—

InfoSphere Information Analyzer,
Information Governance Catalog,
Information Server on Cloud

|

11.5

|

JR60958

|

--Apply IBM InfoSphere Information Server version 11.5.0.2
--Apply InfoSphere Information Server 11.5.0.2 Service Pack 6

InfoSphere Information Analyzer, Information Governance Catalog, Information Server on Cloud

|

11.7

|

JR60958

|

--Apply IBM InfoSphere Information Server version 11.7.1.0

--For IBM InfoSphere Information Server Enterprise Edition in a containerized environment, apply IBM InfoSphere Information Server 11.7.1.0

Contact Technical Support:
In the United States and Canada dial 1-800-IBM-SERV
View the support contacts for other countries outside of the United States.
Electronically open a Service Request with Information Server Technical Support.

Workarounds and Mitigations

None