Researchers discovered a zero-day vulnerability in IBM InfoSphere Information Server 8.5.0.0
Description:
IBM InfoSphere Information Server is a leading data integration platform with offerings that help you understand, cleanse, monitor, and transform data.
In addition, InfoSphere Information Server provides massively parallel processing (MPP) capabilities for a highly scalable and flexible integration platform that handles all data volumes, big and small.
A zero-day vulnerability is named for the number of days the software developer has known about the problem; the solution for fixing a zero-day attack is known as a software patch.
The vulnerability the researchers discovered is a deserialization vulnerability.
Vulnerability Details:
When the JReport service is enabled as a web service, it is possible to create and send malicious Java objects to obtain a remote command execution on the remote target.
Prerequisites: The JReport service needs to be enabled on InfoSphere.
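A defender-side check for the condition described above, as an added example that is not from the original article or from IBM: it looks for a Java serialization stream header in a captured request body and lists the classes the stream declares, so requests carrying classes outside an expected set can be flagged. The class names, the allowlist and the sample bytes are constructed for illustration, and the scan is a heuristic, not a full stream parser.

```python
import re
import struct

# java.io.ObjectStreamConstants: STREAM_MAGIC (0xACED) followed by STREAM_VERSION (0x0005)
STREAM_MAGIC = b"\xac\xed\x00\x05"
TC_CLASSDESC = 0x72  # record type that introduces a class descriptor
# Binary class names, including array forms such as "[Ljava.lang.String;"
CLASS_NAME = re.compile(rb"\[*[A-Za-z_$][\w$.;]*")


def class_names(payload: bytes) -> list[str]:
    """Heuristically list classes declared after the first stream header."""
    start = payload.find(STREAM_MAGIC)
    if start < 0:
        return []
    names, i = [], start + len(STREAM_MAGIC)
    while i + 3 <= len(payload):
        if payload[i] == TC_CLASSDESC:
            (length,) = struct.unpack_from(">H", payload, i + 1)
            name = payload[i + 3 : i + 3 + length]
            end = i + 3 + length + 8  # name is followed by an 8-byte serialVersionUID
            if length and end <= len(payload) and CLASS_NAME.fullmatch(name):
                names.append(name.decode("ascii"))
                i = end
                continue
        i += 1
    return names


def audit(payload: bytes, allowed: set[str]) -> dict:
    """Report whether a payload carries serialized objects and which classes are unexpected."""
    names = class_names(payload)
    return {
        "serialized": STREAM_MAGIC in payload,
        "classes": names,
        "unexpected": [n for n in names if n not in allowed],
    }


def _sample_object(name: str) -> bytes:
    """Constructed sample: TC_OBJECT + class descriptor for a field-less class."""
    n = name.encode("ascii")
    return (b"\x73\x72" + struct.pack(">H", len(n)) + n + b"\x00" * 8
            + b"\x02\x00\x00\x78\x70")  # flags, field count 0, end block, null superclass


# Constructed input: two transport bytes, then a stream with two objects (hypothetical names)
ALLOWED = {"com.example.ReportRequest"}
SAMPLE = (b"\x00\x01" + STREAM_MAGIC + _sample_object("com.example.ReportRequest")
          + _sample_object("com.example.Unexpected"))

if __name__ == "__main__":
    print(audit(SAMPLE, ALLOWED))
```
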
Vulnerability Impact:
The vulnerability can be exploited by an unauthenticated, remote attacker using the specialized tool BaRMIe.
Successful exploitation can lead to arbitrary code execution. With this privilege level, an attacker can access any kind of sensitive data and perform any kind of malicious activity on the affected target.
The severity is rated critical, with the scores below:
| Vulnerability Rating | Base Score | Base Metrics |
| --- | --- | --- |
| CVSS v3.0 | 9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVSS v2.0 | 10 | CVSS:2.0/AV:N/AC:L/AU:N/C:C/I:C/A:C |
IBM InfoSphere Information Server 8.5.0.0 is confirmed as a vulnerable platform.
The patch is yet to be released.