CVE-2017-1469

Published: Aug 14, 2017Modified: May 13, 2026

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. IBM X-Force ID: 128468.

Affected (3)

Products: Ibm: Infosphere Information Server

Ibm

1 product

Infosphere Information Server

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Ibm Infosphere Information Server	Version 11.3
Ibm Infosphere Information Server	Version 11.5
Ibm Infosphere Information Server	Version 9.1

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (6)

http://www.ibm.com/support/docview.wss?uid=swg22006069

Source: psirt@us.ibm.com

Vendor Advisory

http://www.securityfocus.com/bid/100309

Source: psirt@us.ibm.com

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/128468

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

http://www.ibm.com/support/docview.wss?uid=swg22006069

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/100309

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/128468

Source: af854a3a-2127-422b-91ae-364da2661108

VDB EntryVendor Advisory

Timeline

No history available yet.