CVE-2015-7493

MEDIUM

IBM InfoSphere Information Server - Code Injection

Title source: llm

Description

IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation processes that could expose sensitive information.

References (2)

[Patch, Vendor Advisory] http://www.ibm.com/support/docview.wss?uid=swg21982034

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/90529

Scores

CVSS v3 4.7

EPSS 0.0003

EPSS Percentile 8.8%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-200

Status published

Affected Products (18)

ibm/infosphere_information_server

IBM Corporation/InfoSphere Information Server < 8.1

IBM Corporation/InfoSphere Information Server < 8.5

IBM Corporation/InfoSphere Information Server < 8.0

IBM Corporation/InfoSphere Information Server < 8.5.0.1

IBM Corporation/InfoSphere Information Server < 8.7

IBM Corporation/InfoSphere Information Server < 9.1

IBM Corporation/InfoSphere Information Server < 8.0.1

IBM Corporation/InfoSphere Information Server < 10.0

IBM Corporation/InfoSphere Information Server < 11.3

IBM Corporation/InfoSphere Information Server < 10

... and 3 more

Timeline

Published Feb 08, 2017

Tracked Since Feb 18, 2026