IBM Cúram Social Program Management uses the Apache Axis Library. Apache Axis and Axis2 could allow a remote attacker to conduct spoofing attacks, caused by and incomplete fix related to the failure to verify that the server hostname matches a domain name in the subject’s Common Name (CN) field of the X.509 certificate.
CVE(s): CVE-2014-3596
Affected product(s) and affected version(s):
IBM Cúram Social Program Management 7.0.0.0 – 7.0.1.0
IBM Cúram Social Program Management 6.2.0.0 – 6.2.0.5
IBM Cúram Social Program Management 6.1.0.0 – 6.1.1.5
IBM Cúram Social Program Management 6.0.5.0 – 6.0.5.10
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2xatqA1
X-Force Database: http://ift.tt/1IVOcYE
The post IBM Security Bulletin: Vulnerability in Apache Axis affects IBM Cúram Social Program Management (CVE-2014-3596) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2xabSEi
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.