Apache Commons FileUpload could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process.
CVE(s): CVE-2016-1000031
Affected product(s) and affected version(s):
IBM Monitoring 8.1.3
IBM Advanced Diagnostics 8.1.3
IBM Application Performance Management 8.1.3
IBM Application Performance Management Advanced 8.1.3
IBM Cloud Application Performance Management, Base Private 8.1.4
IBM Cloud Application Performance Management, Advanced Private 8.1.4
IBM Cloud Application Performance Management
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22016122
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/117957
The post IBM Security Bulletin: A vulnerability in Apache Commons FileUpload affects the IBM Performance Management product (CVE-2016-1000031) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/2LmV2tZ
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.