The Apache Commons FileUpload that is used by IBM® WebSphere™ Application Server affects IBM SPSS Analytic Server. The potential threat could allow a remote attacker to execute arbitrary code on the system. The fix for this issue requires an update to the Websphere application server (detailed in another security bulletin) and an update to a specific IBM SPSS Analytic Server *.jar file.
CVE(s): CVE-2016-1000031
Affected product(s) and affected version(s):
IBM SPSS Analytic Server 2.0.0.0
IBM SPSS Analytic Server 2.1.0.0
IBM SPSS Analytic Server 3.0.0.0
IBM SPSS Analytic Server 3.0.1.0
IBM SPSS Analytic Server 3.1.0.0
IBM SPSS Analytic Server 3.1.1.0
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22015601
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/117957
The post IBM Security Bulletin: Security vulnerability in Apache Commons FileUpload used by WebSphere Application Server affects IBM SPSS Analytic Server (CVE-2016-1000031) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/2MnBxSO
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.