IBM Support

IBM InfoSphere Information Services Catalog web application is exposed to various well-known web UI vulnerabilities

Troubleshooting


Problem

The IBM InfoSphere Information Services Catalog web application is exposed to vulnerabilities in the web user interface (UI). The IBM InfoSphere Information Services Catalog web application is a read-only application (no data modifications are possible) and the displayed data is not considered sensitive information.

Symptom

Unexpected display of data

Environment

This problem can be seen when using the IBM InfoSphere Information Services Catalog web application to retrieve information.

Resolving The Problem

Stopping the InfoSphere Information Services Catalog web application from the WebSphere Administrative Console

To remediate the vulnerabilities, stop the application from the WebSphere Administrative Console.
Alternatively, you can use the IBM InfoSphere Information Server Console client interface, which offers the same capabilities as the InfoSphere Information Services Catalog web application.

Procedure:

1. Click Applications -> Application Types -> WebSphere enterprise applications.
2. Select RTICatalog_web.ear, and then click Stop.

The InfoSphere Information Services Catalog web application stops immediately.



Disabling the automatic start of InfoSphere Information Services Catalog web application by WebSphere Application Server

By default, the InfoSphere Information Services Catalog web application starts automatically when WebSphere Application Server is restarted. You can disable the automatic start of InfoSphere Information Services Catalog web application by WebSphere Application Server.

Procedure:

1. Log in to the WebSphere Administrative Console.
2. Click Applications -> Application Types -> WebSphere enterprise applications -> RTICatalog_web.ear -> Target specific application status.
3. Select the server listed. In a clustered environment, if multiple servers are listed, select all.
4. Click Disable Auto Start.
5. Save changes to the administrative configuration.

For more information, see Disabling automatic starting of applications.
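
Both console procedures above can also be scripted with wsadmin. The following wsadmin Jython script is an added example, not IBM's own code from this page; it assumes the application name is RTICatalog_web.ear as shown in the console, and the function names (key_props, stop_app, disable_autostart) are hypothetical.

```python
# Added example (wsadmin Jython); not part of the original IBM document.
APP = 'RTICatalog_web.ear'  # application name as shown on this page

def key_props(object_name):
    """Split 'WebSphere:k1=v1,k2=v2' into a dictionary of key properties."""
    props = {}
    for pair in object_name.split(':', 1)[1].split(','):
        kv = pair.split('=', 1)
        if len(kv) == 2:
            props[kv[0]] = kv[1]
    return props

def stop_app(admin_control, app):
    """Stop the app on every server where it is running; return those servers."""
    stopped = []
    running = admin_control.queryNames('type=Application,name=%s,*' % app)
    for mbean in running.splitlines():
        p = key_props(mbean)
        # Each server has its own ApplicationManager MBean.
        mgr = admin_control.queryNames(
            'type=ApplicationManager,node=%s,process=%s,*' % (p['node'], p['process']))
        admin_control.invoke(mgr, 'stopApplication', app)
        stopped.append('%s/%s' % (p['node'], p['process']))
    return stopped

def disable_autostart(admin_config, app):
    """Set enable=false on every deployment target; return the count changed."""
    deployment = admin_config.getid('/Deployment:%s/' % app)
    if not deployment:
        return 0  # application is not deployed in this cell
    deployed = admin_config.showAttribute(deployment, 'deployedObject')
    raw = admin_config.showAttribute(deployed, 'targetMappings')  # '[id1 id2]'
    targets = raw[1:-1].split()
    for target in targets:  # one mapping per server or cluster target
        admin_config.modify(target, [['enable', 'false']])
    admin_config.save()
    return len(targets)

try:  # AdminControl and AdminConfig exist only inside wsadmin
    _admin = (AdminControl, AdminConfig)
except NameError:
    _admin = None
if _admin:
    print('Stopped on: %s' % stop_app(_admin[0], APP))
    print('Auto start disabled on %d target(s)' % disable_autostart(_admin[1], APP))
```

Run it with `wsadmin -lang jython -f` followed by the script file name; in a clustered cell, synchronize the nodes after the configuration is saved.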



Additional information

After the InfoSphere Information Services Catalog web application is stopped, you will see a “broken” page message if you try to access the InfoSphere Information Services Catalog web application from a browser. For example, if you click anything on the InfoSphere Information Services Catalog tab from the InfoSphere Information Server web console, you will see a web page similar to the following:



You might also see a broken page message in your browser when you click View Service in Catalog in the InfoSphere Information Server Console, as shown in the following two graphics.






The broken page messages are normal behavior after the InfoSphere Information Services Catalog web application has been stopped.

Document Information

Product: IBM InfoSphere Information Server
Platforms: AIX, HP-UX, Linux, Solaris, Windows
Versions: 9.1.2.0, 8.7, 8.5, 8.1, 8.0

Modified date:
16 June 2018

UID

swg21673620