In response to certain application errors, IBM Security Information Queue (ISIQ) could output messages that contain sensitve data, which could then be used to gain unauthorized system access. As of v1.0.6, ISIQ no longer includes sensitve data when outputting error messages.
Affected product(s) and affected version(s):
| Affected Product(s) | Version(s) |
| IBM Security Information Queue (ISIQ) | 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6172605
The post Security Bulletin: IBM Security Information Queue could reveal sensitive data in application error messages (CVE-2020-4164) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/2Xkz8QC
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.