IBM Control Center has addressed the following vulnerability: A potential XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVE(s): CVE-2017-1758
Affected product(s) and affected version(s):
IBM Control Center 6.0.0.0 through 6.0.0.2
IBM Control Center 6.1.0.0 through 6.1.0.2 iFix01
IBM Control Center 6.1.1.0 base release
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22013375
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/135859
The post IBM Security Bulletin: 10x Vulnerability in IBM Control Center Could Allow Potential XML External Entity (XXE) Injection appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2odFKgx
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.