A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Control and Tivoli Storage Productivity Center. IBM WebSphere Application Server could allow a remote attacker to obtain sensitive information caused by the improper setting of a CSRFtoken cookie. IBM Spectrum Control and Tivoli Storage Productivity Center have addressed the applicable CVE.
CVE(s): CVE-2016-0377
Affected product(s) and affected version(s):
IBM Spectrum Control 5.2.8 through 5.2.11
Tivoli Storage Productivity Center 5.2.0 through 5.2.7.1
Tivoli Storage Productivity Center 5.1.0 through 5.1.1.11
The versions listed above apply to all licensed offerings of IBM Spectrum Control and Tivoli Storage Productivity Center, including IBM SmartCloud Virtual Storage Center Storage Analytics Engine.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2fn02AV
X-Force Database: http://ift.tt/2bH6inX
from IBM Product Security Incident Response Team http://ift.tt/2fmYIOx
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.