Security Bulletin: IBM InfoSphere Governance Catalog is affected by an Improper Access Control vulnerability

Summary

An Improper Access Control vulnerability was addressed by IBM InfoSphere Governance Catalog.

Vulnerability Details

CVEID: CVE-2018-1899 DESCRIPTION: IBM InfoSphere Information Server could allow an attacker to change one of the settings related to InfoSphere Business Glossary Anywhere due to improper access control.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152528&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

The following products, running on all supported platforms, are affected:

IBM InfoSphere Information Governance Catalog: versions 11.3, 11.5, and 11.7

IBM InfoSphere Information Server on Cloud: version 11.5, and 11.7

Remediation/Fixes

Product

|

VRMF

|

APAR

|

Remediation/First Fix

—|—|—|—

InfoSphere Information Governance Catalog, Information Server on Cloud

|

11.7

|

JR60196

|

--Apply IBM InfoSphere Information Server version 11.7.0.2

--Apply IBM InfoSphere Information Server 11.7.0.2 Service Pack 1

InfoSphere Information Governance Catalog, Information Server on Cloud

|

11.5

|

JR60196

|

--Apply IBM InfoSphere Information Server version 11.5.0.2

--Apply IBM InfoSphere Information Server 11.5 Service Pack 5

InfoSphere Information Governance Catalog

|

11.3

|

JR60196

|

--Apply IBM InfoSphere Information Server version 11.3.1.2
--Apply Information Governance Catalog _ Security patch_

For IBM InfoSphere Information Server version 9.1, IBM recommends upgrading to a fixed, supported version/release/platform of the product.

Contact Technical Support:

In the United States and Canada dial 1-800-IBM-SERV
View the support contacts for other countries outside of the United States.
Electronically open a Service Request with Information Server Technical Support.

Workarounds and Mitigations

None