IBM Cúram Social Program Management uses the Apache Commons Beanutils library, for which there is a publicly known vulnerability. The vulnerability, caused by the failure to suppress the class property in bean introspection by default, could allow a remote attacker to gain unauthorized access to the system. An attacker could exploit this vulnerability to gain unauthorized access to the classloader.
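What "the class property in bean introspection" means, and what suppressing it looks like, shown as an added example that is not IBM's or Apache's code. It uses only the JDK's `java.beans.Introspector` rather than BeanUtils itself; the `ClassPropertyDemo` class, the `Claimant` bean and the `isBindable` helper are hypothetical names constructed for illustration.

```java
import java.beans.BeanInfo;
import java.beans.IntrospectionException;
import java.beans.Introspector;
import java.beans.PropertyDescriptor;
import java.util.Set;
import java.util.TreeSet;

public class ClassPropertyDemo {

    // Constructed sample bean; stands in for any object populated from request data.
    public static class Claimant {
        private String name;
        public String getName() { return name; }
        public void setName(String name) { this.name = name; }
    }

    // Collect the property names reported by a BeanInfo.
    static Set<String> names(BeanInfo info) {
        Set<String> out = new TreeSet<>();
        for (PropertyDescriptor pd : info.getPropertyDescriptors()) {
            out.add(pd.getName());
        }
        return out;
    }

    // Default introspection: Object.getClass() is reported as a "class" property.
    static Set<String> defaultProperties(Class<?> type) throws IntrospectionException {
        return names(Introspector.getBeanInfo(type));
    }

    // Suppressed introspection: stopping at Object means "class" is never reported.
    static Set<String> suppressedProperties(Class<?> type) throws IntrospectionException {
        return names(Introspector.getBeanInfo(type, Object.class));
    }

    // Guard for code that maps caller-supplied names onto bean properties.
    // Only the first segment of a nested, indexed or mapped path is checked here.
    static boolean isBindable(Class<?> type, String path) throws IntrospectionException {
        String head = path.split("[.\\[(]", 2)[0];
        return suppressedProperties(type).contains(head);
    }

    public static void main(String[] args) throws IntrospectionException {
        System.out.println("default:    " + defaultProperties(Claimant.class));
        System.out.println("suppressed: " + suppressedProperties(Claimant.class));
        for (String p : new String[] {"name", "class", "class.name"}) {
            System.out.println(p + " bindable? " + isBindable(Claimant.class, p));
        }
    }
}
```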
Affected product(s) and affected version(s):
Affected Product(s) | Version(s) |
Curam SPM | 7.0.8 |
Curam SPM | 7.0.4.4 |
Curam SPM | 6.2.0.6 |
Curam SPM | 6.1.1.6 |
Curam SPM | 6.0.5.10 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/5691476
The post Security Bulletin: Vulnerability in Apache Commons Beanutils library affect IBM Cúram Social Program Management (CVE-2019-10086) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/2IkV1q4