BlueZ is vulnerable to a denial of service, caused by a buffer over-read issue. By using a specially-crafted dump file, an attacker could exploit this vulnerability to cause the application to crash. IBM Tealeaf contains hard-coded credentials. A remote attacker could exploit this vulnerability to gain access to the system. IBM Tealeaf Customer Experience could allow a remote attacker under unusual circumstances to read operational data or TLS session state for any active sessions, cause denial of service, or bypass security.
CVE(s): CVE-2016-10161, CVE-2017-1204, CVE-2016-2983
Affected product(s) and affected version(s):
IBM Tealeaf Customer Experience on Cloud Network Capture Add-On 16.1.01.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22006455
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/121892
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/123740
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/113999
The post IBM Security Bulletin: Multiple Security Issues in IBM Tealeaf Customer Experience on Cloud Network Capture Add-On appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2DzwrC9
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.