CVE-2015-7490

Name of the Vulnerable Software and Affected Versions IBM InfoSphere Information Server versions 8.5 through FP3 IBM InfoSphere Information Server versions 8.7 through FP2 IBM InfoSphere Information Server versions 9.1 through 9.1.2.0 IBM InfoSphere Information Server versions 11.3 through 11.3.1.2 IBM InfoSphere Information Server versions 11.5

Description The issue is related to insufficient access control in the InfoSphere Information Server platform. It allows a remote authenticated user to bypass intended access restrictions by using a modified cookie.

Recommendations For IBM InfoSphere Information Server versions 8.5 through FP3, update to a version later than FP3 to resolve the issue. For IBM InfoSphere Information Server versions 8.7 through FP2, update to a version later than FP2 to resolve the issue. For IBM InfoSphere Information Server versions 9.1 through 9.1.2.0, update to a version later than 9.1.2.0 to resolve the issue. For IBM InfoSphere Information Server versions 11.3 through 11.3.1.2, update to a version later than 11.3.1.2 to resolve the issue. For IBM InfoSphere Information Server versions 11.5, update to a version later than 11.5 to resolve the issue.