Ascential DataStage Multiple Security Issues
Posted: Thu Aug 31, 2017 5:07 am
Ryan NA has reported some security issues in Ascential DataStage, which can be exploited by malicious, local users to disclose sensitive information and to manipulate certain data, and by malicious users to disclose sensitive information.
1) The dsjob parameters are specified on the command line, which can be exploited e.g. to disclose passwords.
2) Insecure file permissions under the installation directory and the project directory can be exploited to manipulate certain files.
3) Additional logging output options include passwords within the log files.
The security issues are reported in version 7.5. Other versions may also be affected.
I didn't find the right solution from the internet.
1) The dsjob parameters are specified on the command line, which can be exploited e.g. to disclose passwords.
2) Insecure file permissions under the installation directory and the project directory can be exploited to manipulate certain files.
3) Additional logging output options include passwords within the log files.
The security issues are reported in version 7.5. Other versions may also be affected.
I didn't find the right solution from the internet.