A potential vulnerability based on privilege escalation was addressed by IBM InfoSphere Information Server.
CVEID:CVE-2020-4347
**DESCRIPTION:**IBM InfoSphere Information Server could be subject to attacks based on privilege escalation due to inappropriate file permissions for files used by WebSphere Application Server Network Deployment.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/178412 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Affected Product(s) | Version |
---|---|
InfoSphere Information Server, Information Server on Cloud | 11.7 |
InfoSphere Information Server, Information Server on Cloud | 11.5 |
InfoSphere Information Server | 11.3 |
If your Information Server installation uses WebSphere Application Server Network Deployment (WAS ND), it is affected if the following apply:
-- or –
You should do the following steps (only needed once over the lifetime of the installation):
Stand-alone deployment
1. In your WAS ND location, change directory to the directory containing the java folder.
2. chmod -R 755 java
Cluster deployment
1. On the machine where your deployment manager is installed
a. change directory to the directory containing the java folder within your WAS ND installation
b. chmod -R 755 java
2. On a machine where a custom profile is installed
a. change directory to the directory containing the java folder within your WAS ND installation
b. chmod -R 755 java
3. Repeat step 2 for each custom profile, and horizontal machine that is a member of the cluster.
see Remediation/Fixes section.
CPE | Name | Operator | Version |
---|---|---|---|
ibm infosphere information server | eq | 11.7 | |
ibm infosphere information server | eq | 11.5 | |
ibm infosphere information server | eq | 11.3 |