IBM Security Bulletin: IBM Tivoli Netcool Configuration Manager, Open Source Apache Xalan-Java vulnerability (CVE-2014-0107)

Apache Xalan-Java is included as separate JAR files for the compliance component which could allow a remote attacker to bypass security restrictions. An attacker could exploit this vulnerability to bypass the secure processing feature to load arbitrary...



via IBM Product Security Incident Response Team http://ibm.co/1mVk7Mf