Security Bulletin: IBM InfoSphere Information Server is vulnerable to privilege escalation

Summary

A privilege escalation vulnerability was addressed by IBM InfoSphere Information Server.

Vulnerability Details

CVEID: CVE-2017-1350**
DESCRIPTION:** IBM InfoSphere Information Server could allow a user to escalate their privileges to administrator due to improper access controls.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/126526 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

The following product, running on all supported platforms, is affected:
IBM Information Server Framework: versions 9.1, 11.3, 11.5, and 11.7
IBM InfoSphere Information Server on Cloud versions 11.5, and 11.7

Remediation/Fixes

Product

| VRMF|APAR|Remediation/First Fix
—|—|—|—
InfoSphere Information Server, Information Server on Cloud| 11.7| JR57408| --Apply IBM InfoSphere Information Server version 11.7.0.1
InfoSphere Information Server, Information Server on Cloud| 11.5| JR57408| --Apply IBM InfoSphere Information Server version 11.5.0.2
--Apply IBM InfoSphere Information Server Framework Security patch
InfoSphere Information Server| 11.3| JR57408| --Apply IBM InfoSphere Information Server version _11.3.1.2 _
--Apply IBM InfoSphere Information Server Framework Security patch
InfoSphere Information Server| 9.1| JR57408| --Upgrade to a new release

For IBM InfoSphere Information Server version 9.1, IBM recommends upgrading to a fixed, supported version/release/platform of the product.

Contact Technical Support:
In the United States and Canada dial 1-800-IBM-SERV
View the support contacts for other countries outside of the United States.
Electronically open a Service Request with Information Server Technical Support.

Workarounds and Mitigations

None