Monitoring Agent for WebSphere Applications (WebSphere Applications agent for short), which is delivered in the Cloud APM product, has addressed the following vulnerability: — The privacy filter used by the WebSphere Applications agent does not shield PCI data when the diagnostics or transaction tracking is enabled for the agent.
CVE(s): CVE-2018-1387
Affected product(s) and affected version(s):
- IBM Cloud Application Performance Management, Base Private 8.1.4
- IBM Cloud Application Performance Management, Advanced Private 8.1.4
- IBM Cloud Application Performance Management 8.1.4
- IBM Performance Management 8.1.3
- Cloud APM Data Collector 7.3
- Cloud APM Data Collector 7.4
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22014035
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/138210
The post IBM Security Bulletin: Monitoring Agent for WebSphere Applications is affected by a potential for sensitive personal information to be visible when you use the diagnostics or transaction tracking capability of the agent appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2FgEDE8
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.