Tuesday, September 26, 2017

IBM Security Bulletin: Security Identity Adapter attribute input is not protected against command injection

The RMI Dispatcher listening port does not require authentication by default. The Dispatcher has added credential checking to ensure only authenticated users have adapter access.

CVE(s): CVE-2017-1407

Affected product(s) and affected version(s):

IBM Security Identity Manager v6.0 Adapters
Security Identity Adapters v7.x for ISIM 7.0, IGI 5.2.x, and PIM 2.x

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2hva5rj
X-Force Database: http://ift.tt/2hwHw9g

The post IBM Security Bulletin: Security Identity Adapter attribute input is not protected against command injection appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2hva6eR

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.