Fixes are available
Download ISF roll-up 1 for InfoSphere Information Server Version 9.1.2
InfoSphere Information Server, Version 11.3 for Microsoft Windows
InfoSphere Information Server, Version 11.3 for AIX
InfoSphere Information Server, Version 11.3 for Linux
Download ISF roll-up 2 for InfoSphere Information Server Version 8.5.0.3
Download ISF roll-up 2 for InfoSphere Information Server Version 9.1.2
IBM InfoSphere Information Server Enterprise Edition V11.3 for Windows
Download ISF roll-up 3 for InfoSphere Information Server Version 9.1.2
Download ISF roll-up 4 for InfoSphere Information Server Version 9.1.2
Download ISF roll-up 5 for InfoSphere Information Server Version 9.1.2
Download ISF roll-up 7 for InfoSphere Information Server Version 9.1.2
Download ISF roll-up 8 for InfoSphere Information Server Version 9.1.2
Download ISF roll-up 4 for InfoSphere Information Server Version 8.5.0.3
Download ISF roll-up 11 for InfoSphere Information Server Version 9.1.2
Download ISF roll-up 12 for InfoSphere Information Server Version 9.1.2
Download ISF roll-up 1 for InfoSphere Information Server Version 8.7.0.2
Download ISF roll-up 10 for InfoSphere Information Server Version 9.1.2
APAR status
Closed as program error.
Error description
Web console vulnerabilities could lead to blind SQL injection attacks
Local fix
Problem summary
**************************************************************** PROBLEM DESCRIPTION: Web UI vulnerabilities could lead to blind SQL injection attacks CVE-2013-4058 **************************************************************** RECOMMENDATION: Refer to the following Security Bulletin for remediation: http://www-01.ibm.com/support/docview.wss?uid=swg21666684 ****************************************************************
Problem conclusion
The recommended solution is to apply the fix as soon as practical.
Temporary fix
Comments
APAR Information
APAR number
JR49200
Reported component name
WS INFORM. SRVC
Reported component ID
5724Q3600
Reported release
850
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2014-01-30
Closed date
2014-03-31
Last modified date
2014-03-31
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
Domain
Fix information
Fixed component name
WS INFORM. SRVC
Fixed component ID
5724Q3600
Applicable component levels
R850 PSY
UP
R870 PSY
UP
R912 PSY
UP
R801 PSN
UP
R810 PSN
UP
R910 PSN
UP
Document Information
Modified date:
07 October 2021