IBM Business Automation Workflow has addressed the following security vulnerability in the embedded Content Manager. Apache PDFBox is vulnerable to a denial of service, caused by an out-of-memory exception in AFMParser. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to enter an infinite loop. For more information, refer to the X-Force database entries referenced below.
CVE(s): CVE-2018-8036
Affected product(s) and affected version(s):
IBM Business Automation Workflow V18.0.0.1
IBM Business Automation Workflow V18.0.0.2
IBM Business Automation Workflow V19.0.0.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10885544
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/145592
The post IBM Security Bulletin: An Apache PDFBox security vulnerability has been identified with the embedded Content Manager used by IBM Business Automation Workflow (CVE-2018-8036) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/2J28mEV