Friday, November 18, 2016

IBM Security Bulletin: a vulnerability in MongoDB affects IBM Performance Management products (CVE-2016-6494)

MongoDB could allow a local attacker to obtain sensitive information, caused by incorrect file permissions on .dbshell history files. An attacker could exploit this vulnerability to obtain sensitive information from .dbshell history files.

CVE(s): CVE-2016-6494

Affected product(s) and affected version(s):

IBM Monitoring 8.1.2 and 8.1.3

IBM Application Diagnostics 8.1.2 and 8.1.3

IBM Application Performance Management 8.1.2 and 8.1.3

IBM Application Performance Management Advanced 8.1.2 and 8.1.3

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2gqq8pg
X-Force Database: http://ift.tt/2g3UA4D



from IBM Product Security Incident Response Team http://ift.tt/2gqxngX

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.