Aug 1, 2017 10:00 am EDT
Categorized: High Severity
An XML External Entity Injection (XXE) vulnerability in IBM InfoSphere Information Server can potentially be used by an attacker to retrieve sensitive documents.

Importing from the DataStage Designer Client is a feature that enables users to migrate DataStage assets from one system to another, or from one project to another in the same system. Examples:
• Migrating jobs from a development system to a production system
• Performing DataStage version upgrades (e.g. v11.3 to v11.5)
• Sharing assets between DataStage users/teams

IBM DataStage supports three different formats to export DataStage objects:
• DSX (DataStage eXport format)
• XML
• ISX

There is a potential vulnerability when existing DataStage assets are imported via XML. Likewise, there is a potential vulnerability in the XML Plugin’s metadata import operations.
CVE(s): CVE-2017-1383
Affected product(s) and affected version(s):
The following products, running on all supported platforms, are affected:
IBM InfoSphere DataStage: versions 9.1, 11.3, and 11.5
IBM InfoSphere Information Server on Cloud: version 11.5
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2uVb1Yy
X-Force Database: http://ift.tt/2veTbSV
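Because the exposure is in XML import, one screening step is to inspect an XML export file for external DTD or entity declarations before it is handed to an importer. The following is an added example, not IBM's code or fix; the function names and the sample documents are assumptions constructed for illustration, and the sample element names are not the real DataStage XML schema.

```python
import xml.parsers.expat as expat

# Constructed samples; the element names are placeholders, not the real
# DataStage XML export schema.
CLEAN = b'<?xml version="1.0"?><export><job>demo</job></export>'
SUSPECT = b'''<?xml version="1.0"?>
<!DOCTYPE export [
  <!ENTITY label "internal text is fine">
  <!ENTITY x SYSTEM "file:///constructed/placeholder.txt">
  <!ENTITY % p SYSTEM "http://placeholder.invalid/ext.dtd">
]>
<export><job>&label;</job></export>'''


def find_external_refs(xml_bytes):
    """List (kind, name, system_id) for each external DTD or entity
    declaration. Nothing is fetched or expanded from outside the file."""
    findings = []
    parser = expat.ParserCreate()
    # Do not load external parameter entities or an external DTD subset.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, system_id, public_id, has_internal_subset):
        if system_id or public_id:
            findings.append(("external-dtd", name, system_id))

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        if value is None:  # external entities carry no literal value
            kind = "parameter-entity" if is_param else "general-entity"
            findings.append((kind, name, system_id))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.Parse(xml_bytes, True)
    return findings


def safe_to_import(xml_bytes):
    """True only if the file parses and declares no external references."""
    try:
        return not find_external_refs(xml_bytes)
    except expat.ExpatError:
        return False  # malformed input is rejected, not passed on
```

Internal entities such as `label` are not flagged; only declarations that point outside the file are reported, so the check can run ahead of imports from untrusted sources while the fix from the source bulletin is being applied.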
from IBM Product Security Incident Response Team http://ift.tt/2uUJMNT