IBM 10x framework does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system.
CVE(s): CVE-2015-7410
Affected product(s) and affected version(s):
IBM Standards Processing Engine version 8.5 (common component 2.0.)
IBM Transformation Extender Advanced version 9.0
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2iKe4k2
X-Force Database: http://ift.tt/2gqdSWn
The post IBM Security Bulletin: IBM Transformation Extender Advanced and IBM Standards Processing Engine are susceptible to a vulnerability in 10x (CVE-2017-1152) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2iHlu7m
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.