CVE-2015-7490 - Improper Access Control

Severity

35%

Complexity

68%

Confidentiality

48%

IBM InfoSphere Information Server 8.5 through FP3, 8.7 through FP2, 9.1 through 9.1.2.0, 11.3 through 11.3.1.2, and 11.5 allows remote authenticated users to bypass intended access restrictions via a modified cookie.

CVSS 3.0 Base Score 3.1. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).

CVSS 2.0 Base Score 3.5. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N).

Overview

Type

IBM InfoSphere Information Server

First reported 8 years ago

2016-03-03 22:59:00

Last updated 7 years ago

2017-09-08 01:29:00

Affected Software

IBM InfoSphere Information Server 8.5

8.5

IBM InfoSphere Information Server 8.5.0.1 (Fix Pack 1)

8.5.0.1

IBM InfoSphere Information Server 8.5.0.2 (Fix Pack 2)

8.5.0.2

IBM InfoSphere Information Server 8.5.0.3 (Fix Pack 3)

8.5.0.3

IBM InfoSphere Information Server 8.7

8.7

IBM InfoSphere Information Server 8.7.0.1 (Fix Pack 1)

8.7.0.1

IBM InfoSphere Information Server 8.7.0.2 (Fix Pack 2)

8.7.0.2

IBM InfoSphere Information Server 9.1

9.1

IBM InfoSphere Information Server 9.1.0.1

9.1.0.1

IBM InfoSphere Information Server 9.1.2

9.1.2

IBM InfoSphere Information Server 11.3

11.3

IBM InfoSphere Information Server 11.3.1

11.3.1

IBM InfoSphere Information Server 11.5

11.5

References

1035125

JR54787

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21975827