IBM 10x framework used by IBM Transformation Extender Advanced REST API is vulnerable to XXE injection. The vulnerability was reported by IBM Financial Transaction Manager for ACH Services for Multi-Platform which also uses the IBM 10x framework.
CVE(s): CVE-2017-1758
Affected product(s) and affected version(s):
IBM Transformation Extender Advanced 9.0
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22013432
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/135859
The post IBM Security Bulletin: IBM Transformation Extender Advanced is Potentially Vulnerable to an XML External Entity (XXE) Injection in its REST API. appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2EI0gN8
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.