IBMF6F5C9A90891983ADC7555A931DCFA08C667D443B3F03C2AE54D14C8102CA1EASecurity Bulletin: IBM InfoSphere Information Server is affected by an Information disclosure vulnerability (CVE-2022-35715)
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
50.5%
Summary
An Information disclosure vulnerability in InfoSphere Information Server was addressed.
Vulnerability Details
CVEID:CVE-2022-35715
**DESCRIPTION:**IBM InfoSphere Information Server could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/231202 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| InfoSphere Information Server | 11.7 |
Remediation/Fixes
| Product | VRMF | APAR | Remediation/First Fix |
|---|---|---|---|
| InfoSphere Information Server, Information Server on Cloud | 11.7 | DT139296 | |
| --Apply InfoSphere Information Server version 11.7.1.0 | |||
| --Apply InfoSphere Information Server version 11.7.1.3 | |||
| --Apply Information Server 11.7.1.3 Service pack 4 | |||
| --Apply Information Server DataStage Security patch |
Workarounds and Mitigations
None
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| infosphere information server | eq | 11.7 |
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
50.5%