CVE-2016-9000 IBM CVE debrief

Who should care

IBM InfoSphere DataStage administrators, teams running InfoSphere Information Server on Cloud, and security owners for any exposed DataStage web interfaces or embedded portal pages.

Technical summary

NVD maps this issue to CWE-79 and lists CVSS 3.0 vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The vulnerability affects IBM InfoSphere DataStage 8.7, 9.1, 11.3, 11.5, and InfoSphere Information Server on Cloud 11.5. The flaw is in cross-frame handling: insufficient iframe protection can allow a page controlled by an attacker to be framed or navigated in a way that supports clickjacking or similar client-side attacks.

Defensive priority

Medium. The attack is network-reachable and requires no privileges, but it does require user interaction and primarily affects browser-side confidentiality and integrity.

Recommended defensive actions

• Review IBM PSIRT advisory swg21995257 and apply the vendor-recommended fix or patch.
• Verify whether any exposed DataStage or Information Server web components are running one of the affected versions listed by NVD.
• Restrict access to DataStage web interfaces to trusted users and networks where possible.
• Validate browser-side anti-framing protections such as frame-ancestors or X-Frame-Options where supported by the application and deployment.
• Check enterprise guidance and user training to reduce successful clickjacking or malicious-link abuse against affected portals.

Evidence notes

The supplied NVD record identifies IBM as the vendor, lists affected CPEs for DataStage versions 8.7, 9.1, 11.3, 11.5, and InfoSphere Information Server on Cloud 11.5, and classifies the weakness as CWE-79. The record also includes the IBM advisory reference swg21995257, which is the primary remediation source in the corpus.

Official resources