IBM Security Bulletin: IBM FileNet Business Process Manager – Open Source Apache Xalan-Java reported in April X-Force Report (CVE-2014-0107)
Apache Xalan-Java could allow a remote attacker to bypass security restrictions, caused by the improper handling of output properties. CVE(s): CVE-2014-0107 Affected product(s) and affected version(s): IBM FileNet Business Process...
from IBM Product Security Incident Response Team http://ibm.co/11Dgvag
from IBM Product Security Incident Response Team http://ibm.co/11Dgvag