## Summary
Multiple vulnerabilities in Kubernetes used by InfoSphere Information Server were addressed.
## Vulnerability Details
**CVEID:** CVE-2022-3162
**DESCRIPTION:** Kubernetes kube-apiserver could allow a remote authenticated attacker to obtain sensitive information, caused by improper authorization. An attacker could exploit this vulnerability to read custom resources of a different kind in the same API group they are not authorized to read.
CVSS Base score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/241379 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
**CVEID:** CVE-2022-3294
**DESCRIPTION:** Kubernetes kube-apiserver could allow a remote authenticated attacker to bypass security restrictions, caused by improper authentication. An attacker could exploit this vulnerability to bypass proxying address validation and redirect requests to the API Server through its private network.
CVSS Base score: 6.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/241387 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)
## Affected Products and Versions
Affected Product(s)| Version(s)
---|---
InfoSphere Information Server| 11.7
## Remediation/Fixes
**Product**| **VRMF**| **APAR**| **Remediation**
---|---|---|---
InfoSphere Information Server, InfoSphere Information Server on Cloud| 11.7| DT178733| Apply IBM InfoSphere Information Server version 11.7.1.0<br>Apply InfoSphere Information Server version 11.7.1.4<br>Apply InfoSphere Information Server 11.7.1.4 Service pack 1
## Workarounds and Mitigations
None