Friday, December 9, 2016

IBM Security Bulletin: A vulnerability in IBM WebSphere affects IBM Tivoli Netcool Configuration Manager (ITNCM) (CVE-2016-5983)

There is a potential security vulnerability in IBM WebSphere Application Server, which is used by IBM Tivoli Netcool Configuration Manager (ITNCM). It involves the custom authentication that sets the WASPostParam and WASReqURL cookies when the LtpaToken2 session cookie is invalid. The data contained in these cookies is used to return the user to the last known page once they log in again.

CVE(s): CVE-2016-5983

Affected product(s) and affected version(s):

This vulnerability affects the following versions and releases of IBM WebSphere Application Server:
· Version 8.5.5 Full Profile and Liberty
· Version 8.5 Full Profile and Liberty
· Version 8.0
· Version 7.0

These versions are included in the following ITNCM releases:
ITNCM 6.4.2.0 – 6.4.2.2
ITNCM 6.4.1.0 – 6.4.1.4

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2gkzoe5
X-Force Database: http://ift.tt/2cX6Wuu



from IBM Product Security Incident Response Team http://ift.tt/2gkCmPR
