FileNet Content Management Interoperability Services (CMIS), which is shipped with IBM Content Navigator, has addressed the following vulnerability. Ability to execute remote attacker’s arbitrary code on a target machine by leveraging the untrusted data in DiskFileItem class of FileUpload library
CVE(s): CVE-2016-1000031
Affected product(s) and affected version(s):
IBM Content Navigator 2.0.3.8
IBM Content Navigator 3.0
IBM Content Navigator 3.0.1
IBM Content Navigator 3.0.2
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2D5S491
X-Force Database: http://ift.tt/2hLFPWm
The post IBM Security Bulletin: FileNet Content Management Interoperability Services (CMIS), which is shipped with IBM Content navigator, is affected by the ability to execute remote attacker’s arbitrary code on a target machine vulnerability appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2D5SbkX
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.