Artur Czyz

**Name of the Vulnerable Software and Affected Versions** IBM InfoSphere Information Governance Catalog versions 11.3 through 11.3.1.2 IBM InfoSphere Information Governance Catalog versions 11.5 through 11.5.0.1 **Description** The issue allows remote authenticated users to read arbitrary files or cause a denial of service via crafted XML data, specifically exploiting an XML external entity (XXE) vulnerability. **Recommendations** For IBM InfoSphere Information Governance Catalog versions 11.3 through 11.3.1.2, update to version 11.3.1.2 or later. For IBM InfoSphere Information Governance Catalog versions 11.5 through 11.5.0.1, update to version 11.5.0.1 or later.

**Name of the Vulnerable Software and Affected Versions** IBM Information Server Framework versions 8.5 IBM Information Server Framework and InfoSphere Information Server Business Glossary versions 8.7 before FP2 IBM Information Server Framework and InfoSphere Information Server Business Glossary versions 9.1 before 9.1.2.0 IBM Information Server Framework and InfoSphere Information Governance Catalog versions 11.3 before 11.3.1.2 IBM Information Server Framework and InfoSphere Information Governance Catalog versions 11.5 before 11.5.0.1 **Description** A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. **Recommendations** For IBM Information Server Framework version 8.5, update to a version later than 8.5. For IBM Information Server Framework and InfoSphere Information Server Business Glossary version 8.7, apply FP2 or later. For IBM Information Server Framework and InfoSphere Information Server Business Glossary version 9.1, update to version 9.1.2.0 or later. For IBM Information Server Framework and InfoSphere Information Governance Catalog version 11.3, update to version 11.3.1.2 or later. For IBM Information Server Framework and InfoSphere Information Governance Catalog version 11.5, update to version 11.5.0.1 or later.