Lucene search

IBMC451FDABABEFAA4842D79F8B65C43090A80D0B13A8BB10CFE3DD6A1D0408A096

HistoryJun 30, 2022 - 10:51 p.m.

Security Bulletin: IBM InfoSphere Information Server Pack for SAP Apps and BW Packs is affected by an improper validation vulnerability

2022-06-3022:51:40

www.ibm.com

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

19.8%

JSON

Summary

An improper validation vulnerability in IBM InfoSphere Information Server Pack for SAP Apps and BW Packs was addressed.

Vulnerability Details

CVEID:CVE-2022-22373
**DESCRIPTION:**An improper validation vulnerability in IBM InfoSphere Information Server Pack for SAP Apps and BW Packs may lead to creation of directories and files on the server file system that may contain non-sensitive debugging information like stack traces.
CVSS Base score: 4.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/221323 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
InfoSphere Information Server,
Information Server on Cloud	11.7

Remediation/Fixes

Product	VRMF	APAR	Remediation/First Fix
InfoSphere Information Server, InfoSphere Information Server on Cloud	11.7	JR64547	--Apply SAP Packs 8.2.0.4
--Apply SAP Packs Security patch

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibminfosphere_information_serverMatch11.7

CPENameOperatorVersion
infosphere information servereq11.7

CPE	Name	Operator	Version
	infosphere information server	eq	11.7

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

19.8%

JSON

Related for C451FDABABEFAA4842D79F8B65C43090A80D0B13A8BB10CFE3DD6A1D0408A096