IBME05F4C5EADB497632152B21D21C00496068E6000614075806E537BACA1CC64F8Security Bulletin: A vulnerability in the instance runAsUser function was found in IBM InfoSphere Streams (CVE-2016-2867)
0.0004 Low
EPSS
Percentile
5.1%
Summary
There is a potential vulnerability in IBM InfoSphere Streams when the instance runAsUser property is set. IBM InfoSphere Streams has addressed this vulnerability.
Vulnerability Details
CVEID: CVE-2016-2867**
DESCRIPTION:** In certain supported configurations of IBM InfoSphere Streams, setting the instance runAsUser property can result in operator code using the group id of the root user instead of the group id of the runAsUser for checking permissions.
CVSS Base Score: 7.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112763 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Products and Versions
- IBM InfoSphere Streams Version 4.0.1.1 and earlier
- IBM Streams Version 4.1.1.0 and earlier
Remediation/Fixes
NOTE: Fix Packs are available on IBM Fix Central.
- Version 4.1.1:
- Version 4.0.1:
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm streams | eq | 4.0 | |
| ibm streams | eq | 4.0.1 | |
| ibm streams | eq | 4.1 | |
| ibm streams | eq | 4.1.1 | |
| ibm streams | eq | any |
Related
0.0004 Low
EPSS
Percentile
5.1%