Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMD521FE4767B071C465E34E30E2A9D0B95B04959C95143EC4CCA31CB92484BBC9
HistoryJun 16, 2018 - 2:07 p.m.

Security Bulletin: Vulnerability in IBM InfoSphere Information Server installer could expose sensitive information (CVE-2015-1901)

2018-06-1614:07:41
www.ibm.com
3

0.0004 Low

EPSS

Percentile

5.1%

JSON

Summary

IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation processes that could expose sensitive information.

Vulnerability Details

CVE-ID: CVE-2015-1901 DESCRIPTION: IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation processes that could expose sensitive information.
CVSS Base Score: 1.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101638 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:H/Au:N/C:P/I:N/A:N)

Affected Products and Versions

The following product, running on all supported platforms, are affected:
IBM InfoSphere Information Server: versions 8.5, 8.7, 9.1 and 11.3

Remediation/Fixes

Product

| VRMF|APAR|Remediation/First Fix
—|—|—|—
InfoSphere Information Server| 11.3| JR52549| --Use the IBM InfoSphere Information Server version _11.3.1.2 _ for new installations
--Update to the latest Updater for 11.3 before applying any patch
InfoSphere Information Server| 9.1| JR52549| --Before any new 9.1 install, or an Append Install to an existing 9.1 installation, download the 9.1.2.0 is-suite and apply Installer Patch against is-suite before running the install.
--Before applying any patch to an existing 9.1 installation, update to the latest Unified Update installer
InfoSphere Information Server| 8.7| JR52549| --Before any new 8.7 install, or an Append Install to an existing 8.7 installation, download the 8.7.0.2 is-suite and apply Installer Patch against is-suite before running the install
--Before applying any patch to an existing 8.7 installation, update to the latest Unified Update installer
InfoSphere Information Server| 8.5| JR52549| --Before any new 8.5 install, or an Append Install to an existing 8.5 installation, apply Installer Patch against the 8.5.0.0 is-suite before running the install
--Before applying any patch to an existing 8.5 installation, update to the latest Updater for 8.5

Note: The same fix may be listed under multiple vulnerabilities. Installing the fix addresses all vulnerabilities to which the fix applies. Also, some fixes require installing both a fix pack and a subsequent patch. While the fix pack must be installed first, any additional patches required may be installed in any order.

Workarounds and Mitigations

None

Related

cvelist 1
nvd 1
cve 1
prion 1
cvelist
cvelist
CVE-2015-1901
2015-06-28 14:00:00
nvd
nvd
CVE-2015-1901
2015-06-28 14:59:01
cve
cve
CVE-2015-1901
2015-06-28 14:59:01
prion
prion
Command injection
2015-06-28 14:59:00

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for D521FE4767B071C465E34E30E2A9D0B95B04959C95143EC4CCA31CB92484BBC9
cvelist1nvd1cve1prion1