IBM Business Proccess Manager temporarily stores files in an usually shared directory during offline installs and thus might leak sensitive information stored in the files.
CVE(s): CVE-2017-1346
Affected product(s) and affected version(s):
– IBM Business Process Manager V7.5.0.0 through V7.5.1.2
– IBM Business Process Manager V8.0.0.0 through V8.0.1.3
– IBM Business Process Manager V8.5.0.0 through V8.5.0.2
– IBM Business Process Manager V8.5.5.0
– IBM Business Process Manager V8.5.6.0 through V8.5.6.0 CF2
– IBM Business Process Manager V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.03
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2xtVHoJ
X-Force Database: http://ift.tt/2wLKZq2
The post IBM Security Bulletin: Potential information leakage during process app export in IBM Business Process Manager (CVE-2017-1346) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2xt5FGF
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.