Wednesday, January 24, 2018

IBM Security Bulletin: Multiple Security Issues in IBM Tealeaf Customer Experience on Cloud Network Capture Add-On

BlueZ is vulnerable to a denial of service, caused by a buffer over-read issue. By using a specially-crafted dump file, an attacker could exploit this vulnerability to cause the application to crash. IBM Tealeaf contains hard-coded credentials. A remote attacker could exploit this vulnerability to gain access to the system. IBM Tealeaf Customer Experience could allow a remote attacker under unusual circumstances to read operational data or TLS session state for any active sessions, cause denial of service, or bypass security. 

CVE(s): CVE-2016-10161, CVE-2017-1204, CVE-2016-2983

Affected product(s) and affected version(s):

IBM Tealeaf Customer Experience on Cloud Network Capture Add-On 16.1.01.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22006455
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/121892
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/123740
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/113999

The post IBM Security Bulletin: Multiple Security Issues in IBM Tealeaf Customer Experience on Cloud Network Capture Add-On appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2DzwrC9

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.