The agent core framework component makes use of expat. Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, could provide weaker than expected security. The expat XML parser is vulnerable to a denial of service, caused by the failure to use sufficient entropy for hash initialization.
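For code that creates its own expat parsers, the condition described above (no `XML_SetHashSalt` call, or a seed of 0) can be avoided as in the following added example. It is not code from the bulletin or from IBM; `strong_hash_salt`, `create_salted_parser` and the `USE_EXPAT` build macro are hypothetical names, and it assumes a system that provides `/dev/urandom`.

```c
#include <stdio.h>

#ifdef USE_EXPAT  /* assumed build macro: cc -DUSE_EXPAT salt.c -lexpat */
#include <expat.h>
#endif

/* Hypothetical helper: read a hash salt from the OS random source.
 * Returns 0 only on failure. A successful result is never 0, because a
 * seed of 0 is the case the bulletin describes as weak. */
unsigned long strong_hash_salt(void)
{
    unsigned long salt = 0;
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return 0;
    while (salt == 0) {                 /* retry on an all-zero read */
        if (fread(&salt, sizeof salt, 1, f) != 1) {
            salt = 0;                   /* read error: report failure */
            break;
        }
    }
    fclose(f);
    return salt;
}

#ifdef USE_EXPAT
/* Hypothetical helper: create a parser that is salted before any input. */
XML_Parser create_salted_parser(void)
{
    unsigned long salt = strong_hash_salt();
    XML_Parser p;
    if (salt == 0)
        return NULL;                    /* fail closed: no entropy, no parser */
    p = XML_ParserCreate(NULL);
    if (p == NULL)
        return NULL;
    if (!XML_SetHashSalt(p, salt)) {    /* must precede the first XML_Parse */
        XML_ParserFree(p);
        return NULL;
    }
    return p;
}
#endif

int main(void)
{
    printf("salt obtained: %s\n", strong_hash_salt() != 0 ? "yes" : "no");
    return 0;
}
```

This only helps in applications you build yourself; for the IBM products listed below, the remediation is the one given in the source bulletin.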
CVE(s): CVE-2012-6702, CVE-2016-5300
Affected product(s) and affected version(s):
IBM Monitoring 8.1.3
IBM Application Diagnostics 8.1.3
IBM Application Performance Management 8.1.3
IBM Application Performance Management Advanced 8.1.3
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2xuenlO
X-Force Database: http://ift.tt/2dmagTH
X-Force Database: http://ift.tt/2cwoPxW
The post IBM Security Bulletin: A vulnerability in the agent core framework affects IBM Performance Management products appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2zT7g7T