Fixes are available
Download ISF roll-up 5 for InfoSphere Information Server Version 11.5.0.1
Download ISF roll-up 6 for InfoSphere Information Server Version 11.5.0.1
Download ISF roll-up 8 for InfoSphere Information Server Version 11.3.1.2
Download ISF roll-up 4 for InfoSphere Information Server Version 11.5.0.1
Download ISF roll-up 6 for InfoSphere Information Server Version 11.3.1.2
Download ISF roll-up 7 for InfoSphere Information Server Version 11.3.1.2
APAR status
Closed as program error.
Error description
An XML External Entity Injection (XXE) vulnerability in InfoSphere Information Server can be used by an attacker to retrieve local resources, list directories, and retrieve sensitive documents such as configuration files.
Local fix
Problem summary
**************************************************************** USERS AFFECTED: Users of Information Server **************************************************************** PROBLEM DESCRIPTION: An XML External Entity Injection (XXE) vulnerability in InfoSphere Information Server can be used by an attacker to retrieve local resources, list directories, and retrieve sensitive documents such as configuration files. (CVE-2016-6059) **************************************************************** RECOMMENDATION: Refer to Security bulletin http://www.ibm.com/support/docview.wss?uid=swg21991683 for actions to perform. ****************************************************************
Problem conclusion
Fix coded
Temporary fix
Comments
APAR Information
APAR number
JR56569
Reported component name
INFO SRVR PLATF
Reported component ID
5724Q3612
Reported release
B50
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2016-09-12
Closed date
2016-10-31
Last modified date
2016-10-31
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
INFO SRVR PLATF
Fixed component ID
5724Q3612
Applicable component levels
RB31 PSY
UP
RB50 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSZJPZ","label":"InfoSphere Information Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"11.5","Line of Business":{"code":"LOB10","label":"Data and AI"}}]
Document Information
Modified date:
15 October 2021