Security Bulletin: IBM InfoSphere Information Server is vulnerable to SQL injection

2021-07-2213:28:19

www.ibm.com

ibm infosphere

sql injection

vulnerability

version 11.7.1.1

technical support

EPSS

0.001

Percentile

43.2%

JSON

Summary

A SQL injection vulnerability in IBM InfoSphere Information Server was addressed.

Vulnerability Details

CVEID:CVE-2021-29730
**DESCRIPTION:**IBM InfoSphere Information Server is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201164 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

Affected Product(s)	Version(s)
InfoSphere Information Server	11.7

Remediation/Fixes

Product	VRMF	APAR
InfoSphere DataStage, Information Server on Cloud	11.7	JR63560
--Apply InfoSphere Information Server version 11.7.1.0
--Apply InfoSphere Information Server version 11.7.1.0 Fix Pack 1
--Apply InfoSphere Information Server 11.7.1.1 Service Pack 2

For Red Hat 8 installations, contact IBM Customer support.

Contact Technical Support:

In the United States and Canada dial 1-800-IBM-SERV
View the support contacts for other countries outside of the United States.
Electronically open a Service Request with Information Server Technical Support.

Workarounds and Mitigations

None

EPSS

0.001

Percentile

43.2%

JSON

Related for 693EF63390B32504D92B237D61721DFA71DD787EAE4B113FAD20FE1B514E547E