Monday, February 6, 2017

IBM Security Bulletin: IBM Sterling Order Management and IBM Sterling Configure Price Quote are vulnerable to cross-site request forgery.

IBM Sterling Order Management and IBM Sterling Configure Price Quote are vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

CVE(s): CVE-2016-9991

Affected product(s) and affected version(s):

IBM Sterling Selling and Fulfillment Foundation 9.2.0
IBM Sterling Selling and Fulfillment Foundation 9.2.1
IBM Sterling Selling and Fulfillment Foundation 9.3.0
IBM Sterling Selling and Fulfillment Foundation 9.4.0
IBM Sterling Selling and Fulfillment Foundation 9.5.0

IBM Sterling Field Sales 9.2.0
IBM Sterling Field Sales 9.2.1
IBM Sterling Field Sales 9.3.0
IBM Sterling Field Sales 9.4.0
IBM Sterling Field Sales 9.5.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2kdOSP3
X-Force Database: http://ift.tt/2jU5Ndd



from IBM Product Security Incident Response Team http://ift.tt/2kdQmJa
