IBM · IBM InfoSphere Information Server · CVE-2024-31898
Name of the Vulnerable Software and Affected Versions:
IBM InfoSphere Information Server version 11.7
Description:
The vulnerability stems from an error in handling user-controlled authorization keys, which could allow a remote attacker to disclose protected information or modify arbitrary data. It is also described as allowing an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references.
Recommendations:
For IBM InfoSphere Information Server version 11.7, consider restricting access to sensitive information and implementing additional authentication measures to prevent bypassing authentication using insecure direct object references. At the moment, there is no information about a newer version that contains a fix for this vulnerability.