IBM Content Navigator uses a common key stored in the application’s source code to encrypt and decrypt some user credentials.
CVE(s): CVE-2018-1979
Affected product(s) and affected version(s):
| Affected IBM Content Navigator | Affected Versions |
|---|---|
| IBM Content Navigator | 2.0.3 |
| IBM Content Navigator | 3.0CD |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10788123
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/154070
The post IBM Security Bulletin: IBM Content Navigator uses a common key to encrypt certain user names and passwords appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/2XrLKmr
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.