Goh Zhi Hao

**Name of the Vulnerable Software and Affected Versions** IBM InfoSphere Information Server versions 9.1, 11.3, and 11.5 **Description** The issue allows a local user to gain elevated privileges by placing arbitrary files in installation directories. **Recommendations** For IBM InfoSphere Information Server version 9.1, update to a version that includes a fix for this issue. For IBM InfoSphere Information Server version 11.3, update to a version that includes a fix for this issue. For IBM InfoSphere Information Server version 11.5, update to a version that includes a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** IBM InfoSphere Information Server versions 9.1, 11.3, and 11.5 **Description** The issue allows for a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this to expose sensitive information or consume memory resources. **Recommendations** For IBM InfoSphere Information Server version 9.1, update to a version that includes the fix for this issue. For IBM InfoSphere Information Server version 11.3, update to a version that includes the fix for this issue. For IBM InfoSphere Information Server version 11.5, update to a version that includes the fix for this issue.

**Name of the Vulnerable Software and Affected Versions** IBM InfoSphere Information Server versions 9.1, 11.3, and 11.5 **Description** The issue allows a local user to gain elevated privileges by placing arbitrary files in installation directories. **Recommendations** For IBM InfoSphere Information Server version 9.1, restrict access to installation directories to prevent arbitrary file placement. For IBM InfoSphere Information Server version 11.3, limit user privileges to prevent exploitation. For IBM InfoSphere Information Server version 11.5, consider implementing additional security measures to prevent unauthorized file placement in installation directories.

**Name of the Vulnerable Software and Affected Versions** IBM InfoSphere Information Server versions 9.1, 11.3, and 11.5 **Description** The issue allows a privileged user to cause a memory dump, potentially exposing highly sensitive information, including access credentials. **Recommendations** For IBM InfoSphere Information Server version 9.1, update to a version that includes the fix for this issue. For IBM InfoSphere Information Server version 11.3, update to a version that includes the fix for this issue. For IBM InfoSphere Information Server version 11.5, update to a version that includes the fix for this issue.