- 266/2022
- Critical
IBM has released a security update to fix a critical vulnerability that affects IBM InfoSphere Information Server.
IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability. The addressed vulnerability could allow the remote attacker to execute an arbitrary command due to improper neutralization of special elements on the affected system of IBM InfoSphere DataStage.
IBM InfoSphere DataStage Command Injection (CVE-2022-40752)
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
Vulnerabilities
- CVE-2022-40752
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.