| Vulnerability Name: | CVE-2012-0702 (CCN-73287) | ||||||||
| Assigned: | 2012-01-17 | ||||||||
| Published: | 2013-01-11 | ||||||||
| Updated: | 2017-08-29 | ||||||||
| Summary: | Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly determine authorization, which allows remote authenticated users to gain privileges via unspecified vectors. Per: http://xforce.iss.net/xforce/xfdb/73287 "IBM InfoSphere Information Server could allow a remote authenticated attacker to gain elevated privileges due to insecure authentication controls." | ||||||||
| CVSS v3 Severity: | 3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N) 3.5 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:H/RL:OF/RC:C)
3.5 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:H/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-287 | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: MITRE Type: CNA CVE-2012-0702 Source: CCN Type: IBM Security Bulletin 1623501 Multiple security vulnerabilities in the IBM InfoSphere Information Server Suite Source: CONFIRM Type: Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21623501 Source: XF Type: UNKNOWN infosphere-is-auth-priv-esc(73287) Source: XF Type: UNKNOWN infosphere-is-auth-priv-esc(73287) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||