IBM AppScan Source is affected by vulnerabilities in cURL which could allow a remote attacker to bypass security restrictions, caused by the failure to check the TLS connection server certificates.
CVE(s): CVE-2016-5419, CVE-2016-5420
Affected product(s) and affected version(s):
IBM AppScan Security 9.0.1, 9.0.2, 9.0.3
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2k8S4fr
X-Force Database: http://ift.tt/2kdL4xr
X-Force Database: http://ift.tt/2j0IwpD
from IBM Product Security Incident Response Team http://ift.tt/2jmxWcI
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.