Update for IBM InfoSphere Information Server closes many security gaps
IBM has issued several security alerts for InfoSphere Information Server. Updated software corrects the errors.
There are numerous security gaps in IBM's InfoSphere Information Server, software for extracting and transforming diverse data into various forms. Attackers can misuse them to inject malicious code, bypass security measures, paralyze systems or gain unauthorized access to information.
IBM has published a total of 21 security warnings. Six of these are classified as high-risk. IT managers should therefore update their IBM InfoSphere to the latest, error-free version as soon as possible.
Affected versions
According to the warnings, the 11.7 versions of InfoSphere Information Server are affected by the vulnerabilities. The updated versions 11.7.1.0 and 11.7.1.5 are available for download and close the security gaps.
The IBM security warnings are listed in descending order of severity:
- IBM InfoSphere Information Server is affected by a code execution vulnerability in Eclipse JGit, CVSS 8.8
- IBM InfoSphere Information Server is affected by multiple vulnerabilities in Open Container Initiative runc, CVSS maximum 8.6
- IBM InfoSphere Information Server is affected by a vulnerability in Oracle MySQL Connectors, CVSS 8.3
- Multiple vulnerabilities in IBM WebSphere Application Server Liberty affect IBM InfoSphere Information Server, CVSS maximum 7.5
- IBM InfoSphere Information Server is affected by a vulnerability in XNIO, CVSS 7.5
- IBM InfoSphere Information Server is vulnerable to stored cross-site scripting, CVSS 7.2
- IBM InfoSphere Information Server is vulnerable to stored cross-site scripting, CVSS 6.4
- IBM InfoSphere Information Server is affected by multiple vulnerabilities in OpenSSL, CVSS maximum 5.9
- IBM InfoSphere Information Server is affected by a vulnerability in Psf Requests, CVSS 5.6
- IBM InfoSphere Information Server low level authenticated user can view sensitive information, CVSS 5.4
- IBM InfoSphere Information Server is vulnerable to server-side request forgery, CVSS 5.4
- IBM InfoSphere Information Server is vulnerable to cross-site scripting, CVSS 5.4
- IBM InfoSphere Information Server is vulnerable to stored cross-site scripting, CVSS 5.4
- IBM InfoSphere Information Server is vulnerable to stored cross-site scripting, CVSS 5.4
- IBM InfoSphere Information Server is vulnerable due to disclosure of sensitive information, CVSS 5.3
- IBM InfoSphere Information Server is vulnerable due to improper error handling, CVSS 4.3
- IBM InfoSphere Information Server is vulnerable to cross-site request forgery, CVSS 4.3
- IBM InfoSphere Information Server is vulnerable due to information exposure in a URL, CVSS 4.3
- IBM InfoSphere Information Server is vulnerable due to insecure authorization, CVSS 4.0
- IBM InfoSphere Information Server is affected by a vulnerability in tqdm, CVSS 3.9
- IBM InfoSphere Information Server is affected by multiple vulnerabilities in Kubernetes, CVSS maximum 3.0
IBM last released security updates for IBM App Connect Enterprise and InfoSphere Information Server in March. In InfoSphere Information Server, there were three vulnerabilities with a "high" risk rating and one with a medium risk rating.
(dmk)