CVE-2023-35898 — Sensitive Information Exposure in IBM Infosphere Information Server

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

6.5MEDIUMNVD

CNA4.3

EPSS

0.1%

top 75.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Infosphere Information Server

Timeline

PublishedJul 19

Description

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information due to an insecure security configuration in InfoSphere Data Flow Designer. IBM X-Force ID: 259352.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5ibm/infosphere_information_server11.7

▶NVDibm/infosphere_information_server11.7

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

CVEList

IBM InfoSphere Information Server information disclosure↗2023-07-19

▶

GHSA

GHSA-4f6w-wg6v-cghx: IBM InfoSphere Information Server 11↗2023-07-19

▶