Code Injection Vulnerability in IBM Infosphere BigInsights 4.2.0
CVE-2017-1336

4.4MEDIUM

Key Information:

Vendor

IBM
Status
Biginsights
Vendor
CVE Published:
7 December 2017

What is CVE-2017-1336?

IBM Infosphere BigInsights 4.2.0 is susceptible to a code injection vulnerability that permits unauthorized code execution. This flaw could potentially allow an attacker to insert malicious code, enabling access to sensitive data and files that should remain restricted. Organizations using this version of BigInsights are encouraged to apply security updates to mitigate the risks associated with this vulnerability.

Affected Version(s)

BigInsights 4.2.0

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/126244
x_refsource_MISC
http://www.securityfocus.com/bid/102061
vdb-entryx_refsource_BID
http://www.ibm.com/support/docview.wss?uid=swg22010812
x_refsource_CONFIRM

CVSS V3.1

Score:
4.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.