IBM InfoSphere Information Server vulnerability (CVE-2022-36772)
Alert Severity: Medium
Issue Date: 2022-10-07
CVE(s): CVE-2022-36772
CVSS: 6.5
Impacted Products and Versions: IBM InfoSphere Information Server version 11.7
Description:
A vulnerability in IBM InfoSphere Information Server allows a low-privilege user to view the list of other users and groups, which is meant to be available only to high-privilege users. The vulnerability allows VIEW access only.
Mitigation:
IBM has fixed this vulnerability; patches are available on the IBM support website. InfoSphere users are advised to apply the following patches to IBM InfoSphere Information Server version 11.7:
– Apply InfoSphere Information Server version 11.7.1.0
– Apply InfoSphere Information Server version 11.7.1.3
– Apply Information Server 11.7.1.3 Service pack 4
– Apply Information Server Framework security patch