IBM Docs has addressed the following vulnerabilities. Libxml2 is vulnerable to a denial of service, caused by a heap-based buffer overflow. Libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by a format string error. Libxml2 could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser.
CVE(s): CVE-2016-4447, CVE-2016-4448, CVE-2016-4449
Affected product(s) and affected version(s):
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2zUVVrT
X-Force Database: http://ift.tt/29qofDU
X-Force Database: http://ift.tt/29hoGgb
X-Force Database: http://ift.tt/29qou1O
The post IBM Security Bulletin: IBM Connections Docs is affected by vulnerability issues caused by libxml2 (CVE-2016-4447 CVE-2016-4448 CVE-2016-4449) appeared first on IBM PSIRT Blog.
| Affected IBM Connections Docs | Affected Versions |
| IBM Connections Docs | 2.0.0 |
from IBM Product Security Incident Response Team http://ift.tt/2zSk5Db
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.