CVE-2012-4818

Published: Sep 29, 2022Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

IBM InfoSphere Information Server 8.1, 8.5, and 8,7 could allow a remote authenticated attacker to obtain sensitive information, caused by improper restrictions on directories. An attacker could exploit this vulnerability via the DataStage application to load or import content functionality to view arbitrary files on the system.

Affected (3)

Products: Ibm: Infosphere Information Server

1 product

Infosphere Information Server

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Ibm Infosphere Information Server	Version 8.1
Ibm Infosphere Information Server	Version 8.5
Ibm Infosphere Information Server	Version 8.7

References (4)

https://exchange.xforce.ibmcloud.com/vulnerabilities/78651

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

https://www.ibm.com/blogs/psirt/security-bulletin-lack-of-path-restriction-may-allow-access-to-sensitive-data-stored-on-ibm-infosphere-information-server-cve-2012-4818/?lnk=hm

Source: psirt@us.ibm.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/78651

Source: af854a3a-2127-422b-91ae-364da2661108

VDB EntryVendor Advisory

https://www.ibm.com/blogs/psirt/security-bulletin-lack-of-path-restriction-may-allow-access-to-sensitive-data-stored-on-ibm-infosphere-information-server-cve-2012-4818/?lnk=hm

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.