InstallAnywhere generates installation executables on Microsoft Windows which are vulnerable to a DLL-planting exploit affecting the Change Data Capture (CDC) components within the IBM InfoSphere Data Replication and IBM InfoSphere Change Data Delivery families of products.
CVE(s): CVE-2016-4560
Affected product(s) and affected version(s):
Affected CDC components include:
Management Console
Access Server (Windows-based version only)
Replication engines (agents) for the following databases (Windows-based versions only)
. DB2 for Linux, Unix and Windows
. Datastage
. Event Server
. Hadoop
. Informix
. FlexRep
. Microsoft SQL Server
. Netezza
. Oracle
. PureScale Data System for Analytics
. Sybase
. Teradata
The following product levels are affected:
| IBM InfoSphere Data Replication | 11.3.3, 11.3.0, 10.2.1, 10.2.0, 10.1.3, 10.1.2, 10.1.1, 10.1.0 |
| IBM InfoSphere Data Replication for Apache Hadoop | 11.3.3 |
| IBM InfoSphere Data Replication for Database Migration | 11.3.3, 10.2.1, 10.1.3 |
| IBM InfoSphere Data Replication for Netezza | 11.3.0, 10.2.1, 10.2.0, 10.1.3, 10.1.2 |
| IBM InfoSphere Data Replication for Non-Production Environments | 10.2.1, 10.1.3 |
| IBM InfoSphere Change Data Delivery | 11.3.3, 11.3.0, 10.2.1, 10.2.0 |
| IBM InfoSphere Change Data Delivery for Information Server | 11.3.3, 11.3.0, 10.2.1, 10.2.0 |
| IBM InfoSphere Change Data Delivery for Netezza | 11.3.0, 10.2.1, 10.2.0 |
| IBM InfoSphere Change Data Delivery for PureData System for Analytics | 11.3.3, 11.3.0 |
| IBM InfoSphere Change Data Delivery for Information Server for PureData System for Analytics | 11.3.3 |
| IBM InfoSphere Change Data Delivery for Information Server for Netezza | 11.3.0, 10.2.1, 10.2.0 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/1TJLbuP
X-Force Database: http://ift.tt/1Vw3dW4
from IBM Product Security Incident Response Team http://ift.tt/1TJL9mI
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.