CVE-2012-4832

Name of the Vulnerable Software and Affected Versions Information Services Framework (ISF) in IBM InfoSphere Information Server versions 8.1 through 8.5 before FP3, 8.7 Information Services Framework (ISF) in IBM InfoSphere Business Glossary versions 8.1.1 through 8.1.2

Description The issue makes it easier for remote attackers to obtain access by leveraging an unattended workstation, as the login page does not have an off autocomplete attribute for the password field.

Recommendations For IBM InfoSphere Information Server versions 8.1 through 8.5 before FP3, 8.7, consider disabling the login page's autocomplete feature for the password field until a patch is available. For IBM InfoSphere Business Glossary versions 8.1.1 through 8.1.2, consider disabling the login page's autocomplete feature for the password field until a patch is available.