Security Bulletin: Vulnerability in IBM InfoSphere Information Server installer could expose sensitive information (CVE-2015-7493)

Summary

IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation processes that could expose sensitive information.

Vulnerability Details

CVEID:CVE-2015-7493**
DESCRIPTION: IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation processes that could expose sensitive information. CVSS Base Score: 4.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/108818 for the current score CVSS Environmental Score: Undefined* **CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

The following product, running on all supported platforms, are affected:
IBM InfoSphere Information Server: versions 8.5, 8.7, 9.1, 11.3 and 11.5
Installation of Information Server and all Information Server related components is affected.

Remediation/Fixes

Product

| VRMF|APAR|Remediation/First Fix
—|—|—|—
InfoSphere Information Server| 11.5| JR55026| --Apply IBM InfoSphere Information Server version 11.5 Fix Pack 1
--Update to the latest Updater for 11.5 before applying any patch
InfoSphere Information Server| 11.3| JR55026| -- For any new 11.3 install, or an Append Install to an existing 11.3 installation, contact IBM Customer Support
--Before applying any patch to an existing 11.3 installation
1. apply IBM InfoSphere Information Server version _11.3.1.2 _
2. apply Security Patch
3. Update to the latest Updater for 11.3
--After applying the above fixes, each time you append a new product or add-on PACK to your installation, you must also do the steps described in this TechNote
InfoSphere Information Server| 9.1| JR55026| --For any new 9.1 install, or an Append Install to an existing 9.1 installation, contact IBM Customer Support
--Before applying any patch to an existing 9.1 installation
1. apply IBM InfoSphere Information Server version 9.1.2.0
2. apply Security Patch
3. update to the latest Unified Update installer
--After applying the above fixes, each time you append a new product or add-on PACK to your installation, you must also do the steps described in this TechNote
InfoSphere Information Server| 8.7| JR55026| --For any new 8.7 install, or an Append Install to an existing 8.7 installation, contact IBM Customer Support
--Before applying any patch to an existing 8.7 installation
1. apply IBM InfoSphere Information Server version 8.7 Fix Pack 2
2. apply Security Patch
3. update to the latest Unified Update installer
--After applying the above fixes, each time you append a new product or add-on PACK to your installation, you must also do the steps described in this TechNote
InfoSphere Information Server| 8.5| JR55026| Contact IBM customer support.

Note: The same fix may be listed under multiple vulnerabilities. Installing the fix addresses all vulnerabilities to which the fix applies. Also, some fixes require installing both a fix pack and a subsequent patch. While the fix pack must be installed first, any additional patches required may be installed in any order.

Workarounds and Mitigations

None