logo
DATABASE RESOURCES PRICING ABOUT US

Security Bulletin: Multiple vulnerabilities in WebSphere Application Server Liberty affect IBM InfoSphere Information Server

Description

## Summary Muiltiple vulnerabilities in WebSphere Application Server Liberty that is used by IBM InfoSphere Information Server are addressed. ## Vulnerability Details ** CVEID: **[CVE-2021-29842](<https://vulners.com/cve/CVE-2021-29842>) ** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202. CVSS Base score: 3.7 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205202](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205202>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) ** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) ** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. CVSS Base score: 5.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) ** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) ** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. CVSS Base score: 7.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) ## Affected Products and Versions Affected Product(s)| Version(s) ---|--- InfoSphere Information Server, Information Server on Cloud| 11.7 ## Remediation/Fixes **Product** | **VRMF**| **APAR**| **Remediation** ---|---|---|--- InfoSphere Information Server, InfoSphere Information Server on Cloud| 11.7| [JR64702](<http://www.ibm.com/support/docview.wss?uid=swg1JR64702> "JR64702" )| \--Apply IBM InfoSphere Information Server version [11.7.1.0](<https://www.ibm.com/support/pages/node/878310>) \--Apply IBM InfoSphere Information Server version [11.7.1.3](<https://www.ibm.com/support/pages/node/6498109> "11.7.1.3" ) \--Apply Information Server [11.7.1.3 Service pack 4](<https://www.ibm.com/support/pages/node/6568469> "11.7.1.3 Service pack 4" ) ## Workarounds and Mitigations None ##


Affected Software


CPE Name Name Version
infosphere information server 11.7

Related