Monday, July 1, 2019

IBM Security Bulletin: An HttpClient security vulnerability has been identified with the embedded Content Manager used by IBM Business Automation Workflow (CVE-2012-5783)

IBM Business Automation Workflow has addressed the following security vulnerability with the embedded Content Manager. Apache Commons HttpClient could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the subject’s Common Name (CN) field of the X.509 certificate. By persuading a victim to visit a website containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. For more information, refer to the following X-Force database entries.

CVE(s): CVE-2012-5783

Affected product(s) and affected version(s):
IBM Business Automation Workflow V18.0.0.1
IBM Business Automation Workflow V18.0.0.2
IBM Business Automation Workflow V19.0.0.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10885550
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/79984
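
The hostname check whose absence the bulletin describes, written out as an added example; it is not code from IBM, Apache Commons HttpClient or the bulletin. It goes slightly beyond the CN-only wording above by consulting subjectAltName DNS entries first and falling back to the Common Name only when none are present. The certificate dictionaries follow the layout returned by Python's ssl getpeercert(); all hostnames and certificates are constructed sample data.

```python
# Added example: server identity check a TLS client must perform after
# the certificate chain has been validated. Sample data is constructed.

def _name_matches(pattern, host):
    """Compare one certificate name against the hostname the client requested."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if "*" in host or len(p) != len(h):
        return False
    if p[0] == "*":
        # Wildcard only as the whole left-most label, and never for a
        # bare suffix such as "*.test" (fewer than three labels).
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def hostname_matches(cert, host):
    """Return True only if the certificate was issued for `host`."""
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        # Legacy fallback: Common Name, used only when no DNS SAN exists.
        names = [v for rdn in cert.get("subject", ())
                 for key, v in rdn if key == "commonName"]
    return any(_name_matches(n, host) for n in names)

# Constructed certificates, as if each chained to a trusted CA.
CERT_WORKFLOW = {
    "subject": ((("commonName", "workflow.example.test"),),),
    "subjectAltName": (("DNS", "workflow.example.test"),),
}
CERT_OTHER_SITE = {  # valid certificate, but issued for a different host
    "subject": ((("commonName", "other-site.example.net"),),),
    "subjectAltName": (("DNS", "other-site.example.net"),),
}
CERT_CN_ONLY = {"subject": ((("commonName", "*.corp.example.test"),),)}

if __name__ == "__main__":
    target = "workflow.example.test"
    for label, cert in (("workflow", CERT_WORKFLOW), ("other-site", CERT_OTHER_SITE)):
        verdict = "accept" if hostname_matches(cert, target) else "reject"
        print(f"{label} certificate presented for {target}: {verdict}")
```

A client without this step accepts CERT_OTHER_SITE for workflow.example.test because the chain alone is trusted, which is the condition the bulletin reports.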

The post IBM Security Bulletin: An HttpClient security vulnerability has been identified with the embedded Content Manager used by IBM Business Automation Workflow (CVE-2012-5783) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ift.tt/2XhdVmM
