IBM Security Bulletin: Vulnerability in InstallAnywhere affects IBM InfoSphere Change Data Capture installers (CVE-2016-4560)

InstallAnywhere generates installation executables on Microsoft Windows that are vulnerable to a DLL-planting exploit. This affects the installers for the Change Data Capture (CDC) components within the IBM InfoSphere Data Replication and IBM InfoSphere Change Data Delivery families of products.

CVE(s): CVE-2016-4560

Affected product(s) and affected version(s):

Affected CDC components include:
- Management Console
- Access Server (Windows-based version only)
- Replication engines (agents) for the following databases (Windows-based versions only):
  - DB2 for Linux, Unix and Windows
  - DataStage
  - Event Server
  - Hadoop
  - Informix
  - FlexRep
  - Microsoft SQL Server
  - Netezza
  - Oracle
  - PureScale Data System for Analytics
  - Sybase
  - Teradata

The following product levels are affected:

- IBM InfoSphere Data Replication: 11.3.3, 11.3.0, 10.2.1, 10.2.0, 10.1.3, 10.1.2, 10.1.1, 10.1.0
- IBM InfoSphere Data Replication for Apache Hadoop: 11.3.3
- IBM InfoSphere Data Replication for Database Migration: 11.3.3, 10.2.1, 10.1.3
- IBM InfoSphere Data Replication for Netezza: 11.3.0, 10.2.1, 10.2.0, 10.1.3, 10.1.2
- IBM InfoSphere Data Replication for Non-Production Environments: 10.2.1, 10.1.3
- IBM InfoSphere Change Data Delivery: 11.3.3, 11.3.0, 10.2.1, 10.2.0
- IBM InfoSphere Change Data Delivery for Information Server: 11.3.3, 11.3.0, 10.2.1, 10.2.0
- IBM InfoSphere Change Data Delivery for Netezza: 11.3.0, 10.2.1, 10.2.0
- IBM InfoSphere Change Data Delivery for PureData System for Analytics: 11.3.3, 11.3.0
- IBM InfoSphere Change Data Delivery for Information Server for PureData System for Analytics: 11.3.3
- IBM InfoSphere Change Data Delivery for Information Server for Netezza: 11.3.0, 10.2.1, 10.2.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/1TJLbuP
X-Force Database: http://ift.tt/1Vw3dW4



from IBM Product Security Incident Response Team http://ift.tt/1TJL9mI