IBM Tivoli Netcool Configuration Manager (ITNCM) is affected by a vulnerability discovered in XSTREAM (CVE-2016-3674). XStream could allow a remote attacker to obtain sensitive information, caused by an error when processing XML external entities. By sending specially-crafted XML data, an attacker could exploit this vulnerability to obtain sensitive information.
CVE(s): CVE-2016-3674
Affected product(s) and affected version(s):
The following releases:
ITNCM 6.4.2.0 – 6.4.2.2
ITNCM 6.4.1.0 – 6.4.1.4
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2fxFbZj
X-Force Database: http://ift.tt/2gaQpX9
from IBM Product Security Incident Response Team http://ift.tt/2fxClUf
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.