SQL Injection in Ibm Infosphere_information_server

CVE-2013-4058

Multiple SQL injection vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allow remote authenticated users to execute arbitrary SQL commands via unspecified interfaces.

Vulnerability class: SQL Injection

EPSS: 0.005 (66.4th percentile) — read the EPSS interpretation.

Affected products

Ibm Infosphere_information_server — versions 8.5, 8.5.0.1, 8.5.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

References

JR49200 (vendor-advisory, x_refsource_AIXAPAR)
JR48815 (vendor-advisory, x_refsource_AIXAPAR)
ibm-infosphere-cve20134058-sqli(86547) (vdb-entry, x_refsource_XF)
JR49206 (vendor-advisory, x_refsource_AIXAPAR)
66155 (vdb-entry, x_refsource_BID)
psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)