IBM Security Bulletin: IBM Web Experience Factory is affected by a security vulnerability in Apache POI (CVE-2016-5000)

Apache POI, which is bundled with IBM Web Experience Factory, could allow a remote attacker to obtain sensitive information.

CVE(s): CVE-2016-5000

Affected product(s) and affected version(s):

Web Experience Factory 8.0.0.0 – 8.0.0.3

Web Experience Factory 8.5.0.0 – 8.5.0.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2cZwtRD
X-Force Database: http://ift.tt/2dFewhf

from IBM Product Security Incident Response Team http://ift.tt/2cZwXqZ