Secure properties in IBM UrbanCode Deploy that contain certain special characters are not obfuscated correctly in the step output logs of steps that use the properties.
CVE(s): CVE-2016-0364
Affected product(s) and affected version(s):
IBM UrbanCode Deploy 6.0, 6.0.1, 6.0.1.1, 6.0.1.2, 6.0.1.3, 6.0.1.4, 6.0.1.5, 6.0.1.6, 6.0.1.7, 6.0.1.8, 6.0.1.9, 6.0.1.10, 6.0.1.11, 6.0.1.12, 6.1, 6.1.0.1, 6.1.0.2, 6.1.0.3, 6.1.0.4, 6.1.1, 6.1.1.1, 6.1.1.2, 6.1.1.3, 6.1.1.4, 6.1.1.5, 6.1.1.6, 6.1.1.7, 6.1.1.8, 6.1.2, 6.1.3, 6.1.3.1, 6.1.3.2, 6.2.0.0, 6.2.0.1, 6.2.0.2, and 6.2.1 on all supported platforms.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/1WUFOyG
X-Force Database: http://ift.tt/1qXe7Y6
from IBM Product Security Incident Response Team http://ift.tt/1WUGCn0
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.