Security Bulletin: InfoSphere Information Server is affected by an Information disclosure vulnerability

Summary

An Information disclosure vulnerability was addressed by IBM InfoSphere Information Server.

Vulnerability Details

CVEID: CVE-2019-4615 DESCRIPTION: IBM InfoSphere Information Server displays sensitive information in version numbers of installed software that could aid a remote attacker in further attacks against the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/168641&gt;_ for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

The following products, running on all supported platforms, are affected:
IBM InfoSphere Information Server: version 11.7
IBM InfoSphere Information Server on Cloud: version 11.7

Remediation/Fixes

Update your configuration by issuing the following command on the Microservices tier master node:

kubectl patch cm -n kube-system ingress-nginx-configuration --type=merge -p ‘{“data”:{“server-tokens”:“false”}}’

On the Information Server host system, you can disable the X-Powered-By flag in the WebSphere Administration console:
1. Go to Servers > Server Types > WebSphere application servers > server_name > Web Container Settings > Web container

2. Under Additional Properties, select Custom Properties

3. On the Custom Properties page, click New
4. On the Settings page

a. create a custom property named com.ibm.ws.webcontainer.disablexPoweredBy
b. set the value for the property to true
c. Click Apply or OK
5. Click Save on the console task bar to save your configuration changes
6. Restart the server

For additional information, see <https://www.ibm.com/support/pages/node/6587569&gt;.