IBM Cúram is shipped with a third-party library called WSS4J, which is vulnerable to an attack on XML Encryption. WSS4J also fails to properly enforce the requireSignedEncryptedDataElements property, which leaves it vulnerable to XML Signature wrapping...
from IBM Product Security Incident Response Team http://ift.tt/1VuVwLO