IBM InfoSphere Information Server: Unauthorized access possible
The IBM InfoSphere Information Server data integration platform is vulnerable. The developers have closed several security gaps.

Attackers can exploit several security vulnerabilities in IBM InfoSphere Information Server and, among other things, gain elevated user rights. To prevent successful attacks, admins should install a patched version as soon as possible.
Several gaps closed
IBM InfoSphere Information Server is used to monitor and visualize data streams. The most dangerous issue is a security vulnerability (CVE-2025-24789, "high") in the Snowflake JDBC driver. A prerequisite for an attack is that EXTERNALBROWSER authentication is active under Windows. In addition, an attacker must have write access to a directory in %PATH%. If these requirements are met, the attacker can obtain the same user rights as the victim.
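One way to check the second prerequisite on a Windows host is to audit which %PATH% directories broad groups can write to. The following PowerShell is an added example, not code from IBM, Snowflake or the original article; the function name `Get-WritablePathEntry` is hypothetical, and the check ignores Deny entries and nested group membership, so it can over-report.

```powershell
# Added example: report %PATH% directories where broad groups may create files.
# Simplifications: Deny entries and nested group membership are not evaluated.

# Well-known SIDs of broad, non-administrative groups.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}
# CreateFiles is the right needed to place a new file in a directory.
$CreateFiles = [int][System.Security.AccessControl.FileSystemRights]::CreateFiles
$InheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
$SidType     = [System.Security.Principal.SecurityIdentifier]

function Get-WritablePathEntry {   # hypothetical helper name
    param([string[]]$PathEntries = ($env:PATH -split ';'))

    # Normalize entries: drop empties, strip quotes, expand %VAR% references.
    $dirs = $PathEntries | Where-Object { $_ } |
        ForEach-Object { [Environment]::ExpandEnvironmentVariables($_.Trim().Trim('"')) } |
        Select-Object -Unique

    foreach ($dir in $dirs) {
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
            [pscustomobject]@{ Directory = $dir; Principal = $null; Finding = 'NotFound' }
            continue
        }
        try {
            $rules = (Get-Acl -LiteralPath $dir -ErrorAction Stop).GetAccessRules($true, $true, $SidType)
        } catch {
            [pscustomobject]@{ Directory = $dir; Principal = $null; Finding = 'AclUnreadable' }
            continue
        }
        foreach ($rule in $rules) {
            $sid         = $rule.IdentityReference.Value
            $isAllow     = $rule.AccessControlType -eq 'Allow'
            $canCreate   = ([int]$rule.FileSystemRights -band $CreateFiles) -ne 0
            # Inherit-only entries apply to children, not to the directory itself.
            $appliesHere = ([int]$rule.PropagationFlags -band $InheritOnly) -eq 0
            if ($isAllow -and $canCreate -and $appliesHere -and $BroadSids.ContainsKey($sid)) {
                [pscustomobject]@{ Directory = $dir; Principal = $BroadSids[$sid]; Finding = 'Writable' }
            }
        }
    }
}

Get-WritablePathEntry | Sort-Object Directory, Principal -Unique | Format-Table -AutoSize
```

The script reads the PATH of the session it runs in, so run it as the account that uses the JDBC driver, or pass that account's entries through `-PathEntries`.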
The developers have also closed a vulnerability (CVE-2025-31141, "medium") in Apache Kafka. Here, a locally authenticated attacker can obtain higher rights by sending a crafted request.
Information can also be leaked (CVE-2024-43186, "medium"; CVE-2024-7577, "medium"; CVE-2024-51477, "medium"; CVE-2024-55895, "low"). So far there have been no reports of attacks. The developers state that they have fixed the security problems in InfoSphere Information Server 11.7.1.0 and 11.7.1.6.
(des)