Robin Trost

**Name of the Vulnerable Software and Affected Versions** IBM InfoSphere Information Server version 11.7 **Description** The issue is related to improper validation of the REST API server certificate in the IBM InfoSphere Data Flow Designer Engine component. This could potentially allow for man-in-the-middle attacks or other security breaches. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For IBM InfoSphere Information Server version 11.7, update the component to properly validate the REST API server certificate. As a temporary workaround, consider restricting access to the REST API until a patch is available.

**Name of the Vulnerable Software and Affected Versions** IBM InfoSphere Data Flow Designer (IBM InfoSphere Information Server 11.7) **Description** The issue is related to server-side request forgery (SSRF), which may allow an authenticated attacker to send unauthorized requests from the system. This could potentially lead to network enumeration or facilitate other attacks. **Recommendations** For IBM InfoSphere Data Flow Designer (IBM InfoSphere Information Server 11.7), consider restricting access to sensitive network resources to minimize the risk of exploitation. As a temporary workaround, review and limit the use of any functionality that may be leveraged for sending unauthorized requests. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM InfoSphere Information Server version 11.7 **Description** The issue allows a remote attacker to send specially crafted SQL statements, potentially enabling them to view, add, modify, or delete information in the back-end database. This is a result of a SQL injection flaw. **Recommendations** For IBM InfoSphere Information Server version 11.7, update to a version that includes a fix for this issue, as no specific workaround is provided in the available information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.