Web user accounts can be authenticated against an LDAP server, in IBM Integration Bus V10.0.0.4 and later versions. However, under some circumstances it is possible for a remote user to be authenticated without providing valid credentials.
CVE(s): CVE-2016-8918
Affected product(s) and affected version(s):
IBM Integration Bus V10
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2h2qPER
X-Force Database: http://ift.tt/2gQ8nfD
from IBM Product Security Incident Response Team http://ift.tt/2h2sLNz
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.