IBM Support

JR49200: Web UI vulnerabilities could lead to blind SQL injection attacks

Fixes are available

Download ISF roll-up 1 for InfoSphere Information Server Version 9.1.2
InfoSphere Information Server, Version 11.3 for Microsoft Windows
InfoSphere Information Server, Version 11.3 for AIX
InfoSphere Information Server, Version 11.3 for Linux
Download ISF roll-up 2 for InfoSphere Information Server Version 8.5.0.3
Download ISF roll-up 2 for InfoSphere Information Server Version 9.1.2
IBM InfoSphere Information Server Enterprise Edition V11.3 for Windows
Download ISF roll-up 3 for InfoSphere Information Server Version 9.1.2
Download ISF roll-up 4 for InfoSphere Information Server Version 9.1.2
Download ISF roll-up 5 for InfoSphere Information Server Version 9.1.2
Download ISF roll-up 7 for InfoSphere Information Server Version 9.1.2
Download ISF roll-up 8 for InfoSphere Information Server Version 9.1.2
Download ISF roll-up 4 for InfoSphere Information Server Version 8.5.0.3
Download ISF roll-up 11 for InfoSphere Information Server Version 9.1.2
Download ISF roll-up 12 for InfoSphere Information Server Version 9.1.2
Download ISF roll-up 1 for InfoSphere Information Server Version 8.7.0.2
Download ISF roll-up 10 for InfoSphere Information Server Version 9.1.2

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Web console vulnerabilities could lead to blind SQL injection
attacks

Local fix

  • 



Problem summary


    

  • ****************************************************************
PROBLEM DESCRIPTION:
Web UI vulnerabilities could lead to blind SQL injection attacks
CVE-2013-4058
****************************************************************
RECOMMENDATION:
Refer to the following Security Bulletin for remediation:
http://www-01.ibm.com/support/docview.wss?uid=swg21666684
****************************************************************

    



Problem conclusion


    

  • The recommended solution is to apply the fix as soon as
practical.

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    JR49200
    • 

  • Reported component name
    WS INFORM. SRVC
    • 

  • Reported component ID
    5724Q3600
    • 

  • Reported release
    850
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2014-01-30
    • 

  • Closed date
    2014-03-31
    • 

  • Last modified date
    2014-03-31
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Modules/Macros


    

  • Domain

    



Fix information


    

  • Fixed component name
    WS INFORM. SRVC
    • 

  • Fixed component ID
    5724Q3600
    • 



Applicable component levels


    

  • R850  PSY
       UP
    • 

  • R870  PSY
       UP
    • 

  • R912  PSY
       UP
    • 

  • R801  PSN
       UP
    • 

  • R810  PSN
       UP
    • 

  • R910  PSN
       UP
    • 








      
              
                            

              

              [{"Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Product":{"code":"SSZJMP","label":"InfoSphere Information Services Director"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.5"}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            07 October 2021
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback