This IBM Connections security update improves the default capabilities of login.jsp. It adds the capability to whitelist the allowed domains for login redirects, specifically for the logic flow through the customizable login.jsp. Documentation on customizing login.jsp: https://ift.tt/2L4ITcj
CVE(s): CVE-2017-1748
Affected product(s) and affected version(s):
The following versions of IBM Connections are impacted:
IBM Connections 6.0
IBM Connections 5.5
IBM Connections 5.0
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22016698
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/135521
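An added example, not IBM's code and not the fix shipped with this bulletin: one way a customized login page could check a post-login redirect target against a host allowlist before using it. The class name, host names and fallback path are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

public class RedirectAllowlist {
    // Assumed allowlist and fallback; a deployment would load these from configuration.
    private static final Set<String> ALLOWED_HOSTS =
            Set.of("connections.example.com", "files.example.com");
    private static final String FALLBACK = "/homepage";

    /** Returns target if it is safe to redirect to after login, otherwise FALLBACK. */
    static String safeRedirect(String target) {
        if (target == null || target.isEmpty()) return FALLBACK;
        // Some browsers treat "\" as "/" and drop control characters, so reject both.
        for (int i = 0; i < target.length(); i++) {
            char c = target.charAt(i);
            if (c == '\\' || c < 0x20 || c == 0x7f) return FALLBACK;
        }
        URI uri;
        try {
            uri = new URI(target);
        } catch (URISyntaxException e) {
            return FALLBACK;
        }
        if (!uri.isAbsolute()) {
            // Relative target: only a same-site path; "//host/..." is scheme-relative.
            return target.startsWith("/") && !target.startsWith("//") ? target : FALLBACK;
        }
        String host = uri.getHost();
        // Absolute target: https only, no userinfo, exact host match (no suffix match).
        if (!"https".equalsIgnoreCase(uri.getScheme()) || host == null
                || uri.getUserInfo() != null) return FALLBACK;
        return ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT)) ? target : FALLBACK;
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the bulletin.
        String[] samples = {
            "/files/app", "https://files.example.com/wiki",
            "//other.example.net/", "https://files.example.com.other.example.net/",
            "https://files.example.com@other.example.net/", "http://files.example.com/"
        };
        for (String s : samples) System.out.println(s + " -> " + safeRedirect(s));
    }
}
```

Only the first two samples are returned unchanged; the rest fall back to the default page because the check compares the parsed host exactly instead of matching a prefix or suffix of the raw string.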
The post IBM Security Bulletin: IBM Connections Security Refresh (CVE-2017-1748) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/2LKvVBK