A security bypass vulnerability in Apache Solr (lucene) used by IBM InfoSphere Information Server was addressed.
CVEID: CVE-2020-13957
**DESCRIPTION:** Apache Solr could allow a remote attacker to bypass security restrictions, caused by improper access control by the Configsets API. By using a combination of UPLOAD/CREATE actions, an attacker could exploit this vulnerability to bypass the checking mechanism for features considered as dangerous.
CVSS Base score: 9.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/189644 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L)
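A defender-side check for the condition described above, as an added example that is not part of the IBM bulletin: it scans HTTP access logs for unauthenticated, successful UPLOAD and CREATE calls to the Solr Configsets API. The NCSA-style log layout, the `/admin/configs` path match and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed NCSA-style line: client ident user [time] "METHOD URL PROTO" status size
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
WATCHED = {"UPLOAD", "CREATE"}  # the two Configsets actions named in the bulletin

def configset_calls(lines):
    """Yield (client, user, action, status) for Configsets UPLOAD/CREATE requests."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the assumed log format
        url = urlsplit(m["url"])
        if not url.path.rstrip("/").endswith("/admin/configs"):
            continue
        action = parse_qs(url.query).get("action", [""])[0].upper()
        if action in WATCHED:
            yield m["client"], m["user"], action, int(m["status"])

def findings(lines):
    """Map client -> 'upload' or 'upload+create' for unauthenticated, accepted calls."""
    state = {}
    for client, user, action, status in configset_calls(lines):
        if user != "-" or status >= 400:
            continue  # authenticated or rejected: authentication is doing its job
        if action == "UPLOAD":
            state.setdefault(client, "upload")
        elif action == "CREATE" and client in state:
            state[client] = "upload+create"  # both actions, same client, in order
    return state

# Constructed sample lines (documentation IP ranges), not real traffic.
T = "[13/Oct/2020:09:12:01 +0000]"
SAMPLE = [
    f'192.0.2.10 - - {T} "POST /solr/admin/configs?action=UPLOAD&name=cs1 HTTP/1.1" 200 152',
    f'192.0.2.10 - - {T} "GET /solr/admin/configs?action=CREATE&name=cs2 HTTP/1.1" 200 140',
    f'198.51.100.7 - solradmin {T} "POST /solr/admin/configs?action=UPLOAD&name=prod HTTP/1.1" 200 150',
    f'192.0.2.44 - - {T} "POST /solr/admin/configs?action=upload&name=x HTTP/1.1" 401 90',
    f'192.0.2.77 - - {T} "GET /solr/admin/configs?action=LIST HTTP/1.1" 200 80',
    f'203.0.113.9 - - {T} "POST /solr/admin/configs?action=UPLOAD&name=t HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for client, verdict in findings(SAMPLE).items():
        print(client, verdict)
```

Any client reported here reached the Configsets API without credentials, which indicates that the admin authentication step referenced in the remediation has not been applied on that host.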
Affected Product(s) | Version(s) |
---|---|
InfoSphere Information Server, Information Server on Cloud | 11.7 |
InfoSphere Information Server, Information Server on Cloud | 11.5 |
Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
InfoSphere Information Server, Information Server on Cloud | 11.7 | None | If you have a Microservices tier: apply InfoSphere Information Server version 11.7.1.1 or, for Red Hat 8 installations, apply InfoSphere Information Server version 11.7.1.2. Otherwise, follow the steps in the “Solr cloud (admin UI authentication)” section of Technote. |
InfoSphere Information Analyzer, InfoSphere Data Quality Exception Console, Information Server on Cloud | 11.5 | None | Follow the steps in the “Solr cloud (admin UI authentication)” section of Technote. |
If you don’t have a Microservices tier, follow the steps in the “Solr cloud (admin UI authentication)” section of Technote.
CPE | Name | Operator | Version |
---|---|---|---|
ibm infosphere information server | eq | 11.7 | |
ibm infosphere information server | eq | 11.5 |