IBM5F5089BCEA920E26AB4C0407F087F8B0842CF5C4ADC6785392CFFDFB2905805FSecurity Bulletin: IBM InfoSphere Information Server is affected by an Information disclosure vulnerability.
0.001 Low
EPSS
Percentile
28.1%
Summary
An Information disclosure vulnerability in IBM InfoSphere Information Server was addressed.
Vulnerability Details
CVEID:CVE-2021-29681
**DESCRIPTION:**IBM InfoSphere Information Server could allow an attacker to obtain sensitive information by injecting parameters into an HTML query. This information could be used in further attacks against the system.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/199917 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| InfoSphere Information Server | 11.7 |
Remediation/Fixes
| Product | VRMF | APAR | Remediation/First Fix |
|---|---|---|---|
| InfoSphere Information Server, Information Server on Cloud | 11.7 | JR63505 | |
--Apply InfoSphere Information Server version 11.7.1.0
--Apply InfoSphere Information Server version 11.7.1.0 Fix Pack 1
--Apply InfoSphere Information Server 11.7.1.1 Service Pack 1
--Apply InfoSphere Metadata Asset Manager security patch
For Red Hat 8 installations, contact IBM Customer support.
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm infosphere information server | eq | 11.7 |
Related
0.001 Low
EPSS
Percentile
28.1%