Jun 28, 2019 9:03 am EDT
Categorized: High Severity
Share this post:
There is a vulnerability in Apache ZooKeeper used by IBM® Cloud App Management. Apache ZooKeeper could allow a remote attacker to obtain sensitive information, caused by the failure to check permissions by the getACL() command. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. IBM® Cloud App Management has addressed the applicable CVE in a later version.
CVE(s): CVE-2019-0201
Affected product(s) and affected version(s):
IBM Cloud App Management V2018.2.0
IBM Cloud App Management V2018.4.0
IBM Cloud App Management V2018.4.1
IBM Cloud App Management V2019.2.0
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10957455
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/161303
from IBM Product Security Incident Response Team https://ift.tt/31YUVNJ
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.