SymmetricalDataSecurity: IBM Security Bulletin: Information disclosure CVE-2016-9975 affects IBM Dashboard Application Services Hub (DASH)

Thursday, February 23, 2017

IBM Security Bulletin: Information disclosure CVE-2016-9975 affects IBM Dashboard Application Services Hub (DASH)

IBM Tivoli Widget Library (TWL), a sub component of DASH that in turn is bundled in IBM Jazz for Service Management (JazzSM) is affected by Cross Site Request Forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

CVE(s): CVE-2016-9975

Affected product(s) and affected version(s):

Dashboard Application Services Hub 3.1.2.1, part of IBM Jazz for Service Management 1.1.2.1
Dashboard Application Services Hub 3.1.3, part of IBM Jazz for Service Management 1.1.3

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2mgo9CO
X-Force Database: http://ift.tt/2kQux6T

The post IBM Security Bulletin: Information disclosure CVE-2016-9975 affects IBM Dashboard Application Services Hub (DASH) appeared first on IBM PSIRT Blog.

from IBM Product Security Incident Response Team http://ift.tt/2mgoRjq

SymmetricalDataSecurity

Thursday, February 23, 2017

IBM Security Bulletin: Information disclosure CVE-2016-9975 affects IBM Dashboard Application Services Hub (DASH)

No comments:

Post a Comment

Blog Archive

Search This Blog

Total Pageviews