Security Bulletin: IBM InfoSphere Information Server is vulnerable to a privilege escalation

Summary

IBM InfoSphere Information Server could allow a local user to gain elevated privileges by placing arbitrary files in installation directories.

Vulnerability Details

CVEID: CVE-2017-1469 DESCRIPTION: IBM InfoSphere Information Server could allow a local user to gain elevated privileges by placing arbitrary files in installation directories.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/128468 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

The following products, running on all supported platforms, are affected:
IBM InfoSphere Information Server: versions 9.1, 11.3, 11.5, and 11.7
IBM InfoSphere Information Server on Cloud: version 11.5

Remediation/Fixes

None

Workarounds and Mitigations

Only trusted users should be given access to machines installed with DataStage clients.