The IBM Emptoris Strategic Supply Management Suite and IBM Emptoris Services Procurement products are affected by multiple security vulnerabilities that exist in IBM SDK Java Technology Edition and IBM WebSphere Application Server. The security bulletin includes issues disclosed as part of the IBM Java SDK updates in October 2016 and includes the following additional vulnerabilities:
1. Potential HTTP response splitting vulnerability in IBM WebSphere Application Server
2. Apache Struts vulnerabilities affect WebSphere Application Server Administration Console
3. Potential information disclosure in WebSphere Application Server
4. Potential code execution vulnerability in WebSphere Application Server
5. Potential information disclosure in WebSphere Application Server using malformed SOAP requests
CVE(s): CVE-2016-0359, CVE-2016-1181, CVE-2016-1182, CVE-2016-5986, CVE-2016-5983, CVE-2016-5597, CVE-2016-9736
Affected product(s) and affected version(s):
IBM Emptoris Contract Management 9.5 through 10.1.2
IBM Emptoris Program Management 10.0.0 through 10.1.2
IBM Emptoris Sourcing 10.0.0 through 10.1.2
IBM Emptoris Spend Analysis 10.0.0 through 10.1.2
IBM Emptoris Supplier Lifecycle Management 9.5 through 10.1.2
IBM Emptoris Strategic Supply Management 10.0.0 through 10.1.2
IBM Emptoris Services Procurement 10.0.0
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2iBhvZI
X-Force Database: http://ift.tt/28YBUiZ
X-Force Database: http://ift.tt/2974C3a
X-Force Database: http://ift.tt/29tkNpV
X-Force Database: http://ift.tt/2ccJKps
X-Force Database: http://ift.tt/2cX6Wuu
X-Force Database: http://ift.tt/2e5pD2s
X-Force Database: http://ift.tt/2iIJjGM
from IBM Product Security Incident Response Team http://ift.tt/2iBgYXC