| Vulnerability Name: | CVE-2012-4818 (CCN-78651) | ||||||||||||
| Assigned: | 2012-11-19 | ||||||||||||
| Published: | 2012-11-19 | ||||||||||||
| Updated: | 2022-10-28 | ||||||||||||
| Summary: | IBM InfoSphere Information Server 8.1, 8.5, and 8,7 could allow a remote authenticated attacker to obtain sensitive information, caused by improper restrictions on directories. An attacker could exploit this vulnerability via the DataStage application to load or import content functionality to view arbitrary files on the system. | ||||||||||||
| CVSS v3 Severity: | 6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
| ||||||||||||
| CVSS v2 Severity: | 4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N) 3.5 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:H/RL:OF/RC:C)
| ||||||||||||
| Vulnerability Type: | CWE-noinfo | ||||||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2012-4818 Source: XF Type: UNKNOWN infosphere-ia-info-disclosure(78651) Source: XF Type: VDB Entry, Vendor Advisory IBM X-Force ID: 78651 Source: CCN Type: IBM Security Bulletin 1617882 Lack of path restriction may allow access to sensitive data stored on Information Server Engine (CVE-2012-4818) Source: MISC Type: Vendor Advisory https://www.ibm.com/blogs/psirt/security-bulletin-lack-of-path-restriction-may-allow-access-to-sensitive-data-stored-on-ibm-infosphere-information-server-cve-2012-4818/?lnk=hm | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||