Friday, May 19, 2017

IBM Security Bulletin: Open redirect vulnerability in IBM Business Process Manager (CVE-2017-1159)

IBM Business Process Manager is vulnerable to open redirects, caused by improper validation of user-supplied input.

CVE(s): CVE-2017-1159

Affected product(s) and affected version(s):

– IBM Business Process Manager V7.5.0.0 through V7.5.1.2

– IBM Business Process Manager V8.0.0.0 through V8.0.1.3

– IBM Business Process Manager V8.5.0.0 through V8.5.0.2

– IBM Business Process Manager V8.5.5.0

– IBM Business Process Manager V8.5.6.0 through V8.5.6.0 CF2

– IBM Business Process Manager V8.5.7.0 through V8.5.7.0 Cumulative Fix 2016.12

Note: A fix for IBM BPM V8.5.7 cumulative fix (CF) 2017.03 is available even though IBM BPM V8.5.7 CF 2017.03 is not vulnerable to this security issue. The intention of this interim fix is to prevent the following unnecessary warning message in IBM Installation Manager, which you see when you upgrade IBM BPM:

“One or more fixes will be uninstalled when IBM(R) Business Process Manager <Advanced | Standard | Express> is updated to 8.5.7. CF2017.03. The update does not address issues that were resolved previously by the maintenance packages. The problems might return if fixes for the the following issues are not reapplied or have new fixes applied to prevent the problems from returning.
– JR57478 in the package IBM(R) Business Process Manager <Advanced | Standard | Express> 8.5…
– JR57590 in the package IBM(R) Business Process Manager <Advanced | Standard | Express> 8.5…”

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2rlG3tc
X-Force Database: http://ift.tt/2rzrD5V
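The bulletin names the root cause as improper validation of a user-supplied redirect target. The following is an added example, not code from IBM or from the bulletin, of the kind of allow-list check a defender would apply before issuing a redirect; the host allow-list and fallback landing page are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed allow-list of hosts the application may redirect to (assumption).
ALLOWED_HOSTS = {"bpm.example.com"}
DEFAULT_LANDING = "/portal"  # assumed safe fallback location


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Accept only a same-site absolute path or an http(s) URL on an allowed host."""
    if not target:
        return False
    # Browsers and urlsplit disagree on backslashes, whitespace and control
    # characters (e.g. "/\evil.example" is treated like "//evil.example" by
    # browsers), so reject them outright instead of guessing.
    if any(c == "\\" or c.isspace() or ord(c) < 0x20 for c in target):
        return False
    parts = urlsplit(target)
    if not parts.scheme and not parts.netloc:
        # Relative reference: require a single leading slash; "//host" is
        # a scheme-relative URL and would leave the site.
        return target.startswith("/") and not target.startswith("//")
    if parts.scheme.lower() not in ("http", "https"):
        return False  # javascript:, data:, and scheme-relative targets
    # .hostname strips userinfo and port, so "https://trusted@evil" is seen
    # as "evil" rather than matching the trusted prefix.
    host = parts.hostname
    return host is not None and host.lower() in allowed_hosts


def safe_redirect_target(target: str, allowed_hosts=ALLOWED_HOSTS,
                         fallback: str = DEFAULT_LANDING) -> str:
    """Return the requested target if it passes the check, else the fallback."""
    return target if is_safe_redirect(target, allowed_hosts) else fallback


if __name__ == "__main__":
    for t in ["/dashboard", "https://bpm.example.com/portal",
              "//evil.example/x", "https://bpm.example.com@evil.example/",
              "javascript:alert(1)"]:
        print(f"{t!r:45} -> {safe_redirect_target(t)}")
```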



from IBM Product Security Incident Response Team http://ift.tt/2rlQahK
