Possible Path Disclosure Vulnerability in IBM InfoSphere Information Server 11.7
CVE-2023-50955

2.7LOW

Key Information:

Vendor: IBM
Status: Infosphere Information Server
Vendor: CVE Published:; 21 February 2024

Summary

IBM InfoSphere Information Server version 11.7 is susceptible to a security issue that enables authenticated privileged users to access the absolute path of the web server installation. This exposure could facilitate further attacks, potentially compromising the integrity and security of the overall system. Organizations utilizing this version should assess their configurations and implement appropriate security measures to mitigate risks associated with unauthorized access.

Affected Version(s)

InfoSphere Information Server 11.7

References

https://www.ibm.com/support/pages/node/7116610

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/275777

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 21, 2024
Vulnerability Reserved
Dec 16, 2023