In IBMs InfoSphere Information Server, einer Software zur Extraktion und Transfomation von diversen Daten in unterschiedlichste Formen, klaffen zahlreiche Sicherheitslücken. Angreifer können sie missbrauchen, um Schadcode einzuschleusen, Sicherheitsmaßnahmen zu umgehen, die Systeme lahmzulegen oder unbefugt auf Informationen zuzugreifen. Insgesamt liefert IBM 21 Sicherheitswarnungen aus. Sechs davon erreichen die Risikoeinstufung als hochriskant. IT-Verantwortliche sollten ihr IBM InfoSphere daher zügig auf den aktualisierten, fehlerfreien Stand bringen. Laut der Warnungen sind InfoSphere Information Server der Versionsreihe 11.7 von den Schwachstellen betroffen. Die aktualisierten Versionen 11.7.1.0 sowie 11.7.1.5 stehen zum Herunterladen bereit und dichten die SIcherheitslecks ab. Die Sicherheitswarnungen von IBM nach Schweregrad absteigend aufgelistet:
- IBM InfoSphere Information Server is affected by a code execution vulnerability in Eclipse JGit, CVSS 8.8
- IBM InfoSphere Information Server is affected by multiple vulnerabilities in Open Container Initiative runc, CVSS maximal 8.6
- IBM InfoSphere Information Server is affected by a vulnerability in Oracle MySQL Connectors, CVSS 8.3
- Multiple vulnerabilities in IBM WebSphere Application Server Liberty affect IBM InfoSphere Information Server, CVSS maximal 7.5
- IBM InfoSphere Information Server is affected by a vulnerability in XNIO, CVSS 7.5
- IBM InfoSphere Information Server is vulnerable to stored cross-site scripting, CVSS 7.2
- IBM InfoSphere Information Server is vulnerable to stored cross-site scripting, CVSS 6.4
- IBM InfoSphere Information Server is affected by multiple vulnerabilities in OpenSSL, CVSS maximal 5.9
- IBM InfoSphere Information Server is affected by a vulnerability in Psf Requests, CVSS 5.6
- IBM InfoSphere Information Server low level authenticated user can view sensitive information, CVSS 5.4
- IBM InfoSphere Information Server is vulnerable to server-side request forgery, CVSS 5.4
- IBM InfoSphere Information Server is vulnerable to cross-site scripting, CVSS 5.4
- IBM InfoSphere Information Server is vulnerable to stored cross-site scripting, CVSS 5.4
- IBM InfoSphere Information Server is vulnerable to stored cross-site scripting, CVSS 5.4
- IBM InfoSphere Information Server is vulnerable due to disclosure of sensitive information, CVSS 5.3
- IBM InfoSphere Information Server is vulnerable due to improper error handling, CVSS 4.3
- IBM InfoSphere Information Server is vulnerable to cross-site request forgery, CVSS 4.3
- IBM InfoSphere Information Server is vulnerable due to information exposure in a URL, CVSS 4.3
- IBM InfoSphere Information Server is vulnerable due to insecure authorization, CVSS 4.0
- IBM InfoSphere Information Server is affected by a vulnerability in tqdm, CVSS 3.9
- IBM InfoSphere Information Server is affected by multiple vulnerabilities in Kubernetes, CVSS maximal 3.0