IBM WebSphere Message Broker/ IBM Integration Bus web user passwords are logged inside the service trace which can be read by an authorised local user
CVE(s): CVE-2017-1207
Affected product(s) and affected version(s):
IBM Integration Bus V10.0.0.0- 10.0.0.7
IBM Integration Bus V9.0.0.0- 9.0.0.7
WebSphere Message Broker V8.0.0.0 – 8.0.0.8
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2tC13Nz
X-Force Database: http://ift.tt/2sjbaCU
The post IBM Security Bulletin: WebSphere Message Broker and IBM Integration Bus are affected by ‘Information Disclosure’ vulnerability appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2tC14kB
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.