Wednesday, August 30, 2017

IBM Security Bulletin: IBM Transformation Extender Advanced and IBM Standards Processing Engine are susceptible to a vulnerability in 10x (CVE-2017-1152)

IBM 10x framework does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system.

CVE(s): CVE-2015-7410

Affected product(s) and affected version(s):

IBM Standards Processing Engine version 8.5 (common component 2.0.)

IBM Transformation Extender Advanced version 9.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2iKe4k2
X-Force Database: http://ift.tt/2gqdSWn

The post IBM Security Bulletin: IBM Transformation Extender Advanced and IBM Standards Processing Engine are susceptible to a vulnerability in 10x (CVE-2017-1152) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2iHlu7m

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.