There are multiple vulnerabiltities in the IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed as part of the IBM SDK for Java updates in October 2016. These may affect some configurations of IBM WebSphere Application Server Traditional, IBM WebSphere Application Server Liberty and IBM WebSphere Application Server Hypervisor Edition. There is a potential cross-site scripting vulnerability in the Admin Console for WebSphere Application Server.
CVE(s): CVE-2016-5573, CVE-2016-5597, CVE-2016-8934
Affected product(s) and affected version(s):
This vulnerability affects the following versions and releases of IBM WebSphere Application Server:
- Liberty
- Version 9.0
- Version 8.5.5
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2ihIoP2
X-Force Database: http://ift.tt/2eDrVCd
X-Force Database: http://ift.tt/2e5pD2s
X-Force Database: http://ift.tt/2ilu2PU
from IBM Product Security Incident Response Team http://ift.tt/2ihCkWw
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.