Researchers discovered a zero-day vulnerability in IBM InfoSphere Information Server 220.127.116.11
IBM InfoSphere Information Server is a leading data integration platform with offerings that help you understand, cleanse, monitor, and transform data.
In addition, InfoSphere Information Server provides massively parallel processing (MPP) capabilities for a highly scalable and flexible integration platform that handles all data volumes, big and small.
The term zero-day refers to the number of days a software developer has known about the problem; the solution to a zero-day attack is known as a software patch.
The vulnerability the researchers discovered is deserialization-based.
When the JReport service is enabled as a web service, it is possible to create and send malicious Java objects to obtain a remote command execution on the remote target.
Prerequisites: The JReport service needs to be enabled on InfoSphere.
The vulnerability can be exploited by an unauthenticated, remote attacker using the specialized tool BaRMIe.
Successful exploitation can lead to arbitrary code execution. With this privilege level, an attacker can access any kind of sensitive data and perform any kind of malicious activity on the affected target.
The severity is rated critical, with the scores below:
|Vulnerability Rating:||CVSS v3.0|
|Vulnerability Rating:||CVSS v2.0|
IBM InfoSphere Information Server 18.104.22.168 is confirmed as a vulnerable platform.
The patch is yet to be released.
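
The report describes malicious Java objects being sent to the JReport service. The following is an added example, not code from the researchers or from IBM: a heuristic Python check that lists the Java classes declared in a captured payload and flags any that are not on an allow-list. It assumes the service is reached over Java RMI; the allow-list, the sample bytes and `com.example.UnexpectedType` are constructed for illustration.

```python
import re
import struct

STREAM_MAGIC = b"\xac\xed\x00\x05"   # Java serialization magic + version
TC_CLASSDESC = 0x72                  # starts every new class descriptor
CLASS_NAME = re.compile(rb"[A-Za-z_$\[][\w.$;\[]*")
# Hypothetical allow-list; build the real one from known-good traffic.
ALLOWED = {"java.lang.String", "java.util.ArrayList"}


def declared_classes(payload: bytes) -> list:
    """Heuristically list class names declared in a serialized stream."""
    start = payload.find(STREAM_MAGIC)
    if start == -1:
        return []
    names, pos = [], start + len(STREAM_MAGIC)
    while (pos := payload.find(bytes([TC_CLASSDESC]), pos)) != -1:
        if pos + 3 > len(payload):
            break
        (length,) = struct.unpack_from(">H", payload, pos + 1)
        raw = payload[pos + 3:pos + 3 + length]
        # A descriptor is: name length, name, then an 8-byte serialVersionUID.
        if (len(raw) == length and CLASS_NAME.fullmatch(raw)
                and pos + 3 + length + 8 <= len(payload)):
            names.append(raw.decode("ascii"))
            pos += 3 + length + 8
        else:
            pos += 1
    return names


def review(payload: bytes) -> list:
    """Pair each declared class with 'allowed' or 'alert'."""
    return [(n, "allowed" if n in ALLOWED else "alert")
            for n in declared_classes(payload)]


def sample_call(*class_names: str) -> bytes:
    """Constructed input: an RMI call byte, a stream header, a 34-byte
    call header block, then one field-less object per class name."""
    out = b"\x50" + STREAM_MAGIC + b"\x77\x22" + bytes(34)
    for name in class_names:
        encoded = name.encode("ascii")
        out += (b"\x73\x72" + struct.pack(">H", len(encoded)) + encoded
                + bytes(8)                  # dummy serialVersionUID
                + b"\x02\x00\x00\x78\x70")  # flags, no fields, end, no superclass
    return out


if __name__ == "__main__":
    for name, verdict in review(sample_call("java.util.ArrayList",
                                            "com.example.UnexpectedType")):
        print(f"{verdict:8} {name}")
```

The scan is byte-pattern based, so it can miss or misread descriptors in unusual streams; treat an alert as a prompt to inspect the capture, not as proof of an attack.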