The RMI Dispatcher listening port does not require authentication by default. The Dispatcher has added credential checking to ensure only authenticated users have adapter access.
CVE(s): CVE-2017-1407
Affected product(s) and affected version(s):
IBM Security Identity Manager v6.0 Adapters
Security Identity Adapters v7.x for ISIM 7.0, IGI 5.2.x, and PIM 2.x
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2hva5rj
X-Force Database: http://ift.tt/2hwHw9g
The post IBM Security Bulletin: Security Identity Adapter attribute input is not protected against command injection appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2hva6eR
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.