Maciej Kaczorowski

**Name of the Vulnerable Software and Affected Versions** IBM InfoSphere Metadata Asset Manager version 11.7 **Description** The issue allows a remote authenticated attacker to exploit server-side request forgery by sending a specially crafted request, potentially submitting or controlling server requests. **Recommendations** For IBM InfoSphere Metadata Asset Manager version 11.7, update to a version that includes a fix for this issue, as no specific workaround is provided in the available data.

**Name of the Vulnerable Software and Affected Versions** IBM InfoSphere Information Server version 11.7 **Description** The issue allows users to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure within a trusted session. **Recommendations** For IBM InfoSphere Information Server version 11.7, update to a version that includes a fix for this issue to prevent stored cross-site scripting attacks. As a temporary workaround, consider restricting access to the Web UI to minimize the risk of exploitation.