The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of IBM InfoSphere DataStage

computer vulnerability CVE-2017-1495

IBM InfoSphere DataStage: information disclosure via Access Credentials

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Access Credentials of IBM InfoSphere DataStage, in order to obtain sensitive information.
Impacted products: InfoSphere DataStage.
Severity: 1/4.
Consequences: data reading.
Provenance: privileged account.
Creation date: 13/09/2017.
Identifiers: 2006068, CVE-2017-1495, SEC Consult SA-20170913-0, VIGILANCE-VUL-23835.

Description of the vulnerability

An attacker can bypass access restrictions to data via Access Credentials of IBM InfoSphere DataStage, in order to obtain sensitive information.

vulnerability note CVE-2017-1468

IBM InfoSphere DataStage: privilege escalation

Synthesis of the vulnerability

An attacker can bypass restrictions of IBM InfoSphere DataStage, in order to escalate his privileges.
Impacted products: InfoSphere DataStage.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: document.
Creation date: 13/09/2017.
Identifiers: 2006067, CVE-2017-1468, SEC Consult SA-20170913-0, VIGILANCE-VUL-23834.

Description of the vulnerability

An attacker can bypass restrictions of IBM InfoSphere DataStage, in order to escalate his privileges.

vulnerability bulletin CVE-2017-1383

IBM InfoSphere DataStage: external XML entity injection

Synthesis of the vulnerability

An attacker can transmit malicious XML data to IBM InfoSphere DataStage, in order to read a file, scan sites, or trigger a denial of service.
Impacted products: InfoSphere DataStage.
Severity: 2/4.
Consequences: data reading, denial of service on service.
Provenance: document.
Creation date: 13/09/2017.
Identifiers: 2005803, CVE-2017-1383, SEC Consult SA-20170913-0, VIGILANCE-VUL-23833.

Description of the vulnerability

An attacker can transmit malicious XML data to IBM InfoSphere DataStage, in order to read a file, scan sites, or trigger a denial of service.

vulnerability announcement CVE-2017-1467

IBM InfoSphere DataStage: Man-in-the-Middle

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle on IBM InfoSphere DataStage, in order to read or write data in the session.
Impacted products: InfoSphere DataStage.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: internet server.
Creation date: 13/09/2017.
Identifiers: 2006063, CVE-2017-1467, SEC Consult SA-20170913-0, VIGILANCE-VUL-23832.

Description of the vulnerability

An attacker can act as a Man-in-the-Middle on IBM InfoSphere DataStage, in order to read or write data in the session.

vulnerability alert CVE-2016-7415

IBM InfoSphere DataStage: buffer overflow via ICU4C

Synthesis of the vulnerability

An attacker can generate a buffer overflow via the Locale class of ICU as used in IBM InfoSphere DataStage, in order to trigger a denial of service, and possibly to run code.
Impacted products: InfoSphere DataStage.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 02/02/2017.
Identifiers: 1996973, CVE-2016-7415, VIGILANCE-VUL-21751.

Description of the vulnerability

The IBM InfoSphere DataStage product uses the ICU4C library for Unicode text handling.

However, the Locale class defined in the source file "common/locid.cpp" does not correctly check the length of an input string before copying it onto the stack.

An attacker can therefore generate a buffer overflow via the Locale class of ICU as used in IBM InfoSphere DataStage, in order to trigger a denial of service, and possibly to run code.

computer vulnerability alert CVE-2016-8982

IBM InfoSphere DataStage: information disclosure via URLs

Synthesis of the vulnerability

An attacker can collect URLs to an IBM InfoSphere DataStage server, in order to get sensitive information.
Impacted products: InfoSphere DataStage.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 16/01/2017.
Identifiers: 1995895, CVE-2016-8982, VIGILANCE-VUL-21586.

Description of the vulnerability

The IBM InfoSphere DataStage product offers a web service.

However, it stores sensitive data in URLs, which an attacker can retrieve from the browser cache, browser history, server logs, or network captures.

An attacker can therefore collect URLs to an IBM InfoSphere DataStage server, in order to get sensitive information.

computer vulnerability CVE-2016-9000

IBM InfoSphere DataStage: Cross Site Scripting via an "iframe"

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via an "iframe" of IBM InfoSphere DataStage, in order to run JavaScript code in the context of the web site.
Impacted products: InfoSphere DataStage.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 10/01/2017.
Identifiers: 1995257, CVE-2016-9000, VIGILANCE-VUL-21535.

Description of the vulnerability

The IBM InfoSphere DataStage product offers a web service.

However, it does not filter data received via an "iframe" before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via an "iframe" of IBM InfoSphere DataStage, in order to run JavaScript code in the context of the web site.