PT-2020-7243 · IBM · IBM InfoSphere Information Server
Published: 2020-08-28 · Updated: 2022-10-28 · CVE-2012-4818
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
IBM InfoSphere Information Server versions 8.1, 8.5, and 8.7
Description:
The issue is caused by improper restrictions on directories, allowing a remote authenticated attacker to obtain sensitive information. An attacker could exploit this via the DataStage application's load or import content functionality, enabling them to view arbitrary files on the system.
Recommendations:
For IBM InfoSphere Information Server versions 8.1, 8.5, and 8.7, restrict access to the DataStage application's load or import content functionality to minimize the risk of exploitation. Consider implementing proper directory restrictions to prevent unauthorized access to sensitive information.
Affected Products:
DataStage
IBM InfoSphere Information Server