There is an information disclosure due to an XML external entity (XXE) vulnerability when using the OpenSAML features in WebSphere Application Server Liberty.
CVE(s): CVE-2013-6440
Affected product(s) and affected version(s):
This vulnerability affects the following versions and releases of IBM WebSphere Application Server:
- Liberty using samlWeb-2.0 feature
- Liberty using wsSecuritySaml-1.1 feature
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2zI8Yvd
X-Force Database: http://ift.tt/2hvl28Y
The post IBM Security Bulletin: Information disclosure in WebSphere Application Server Liberty (CVE-2013-6440) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2zGScwy
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.