IBM Security Bulletin: IBM Sterling Order Management is affected by a vulnerability (CVE-2016-5953)
IBM Sterling Order Management is vulnerable by exposing the session identifier on an error page
CVE(s): CVE-2016-5953
Affected product(s) and affected version(s):
IBM Sterling Selling and Fulfillment Foundation 9.1.0
IBM Sterling Selling and Fulfillment Foundation 9.2.0
IBM Sterling Selling and Fulfillment Foundation 9.2.1
IBM Sterling Selling and Fulfillment Foundation 9.3
IBM Sterling Selling and Fulfillment Foundation 9.4
IBM Sterling Selling and Fulfillment Foundation 9.5
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2hBv6iH
X-Force Database: http://ift.tt/2jI44Y5
from IBM Product Security Incident Response Team http://ift.tt/2iL921U