IBM Security Bulletin: IBM Sterling Order Management is affected by a vulnerability (CVE-2016-5953)

IBM Sterling Order Management is vulnerable by exposing the session identifier on an error page

CVE(s): CVE-2016-5953

Affected product(s) and affected version(s):

IBM Sterling Selling and Fulfillment Foundation 9.1.0
IBM Sterling Selling and Fulfillment Foundation 9.2.0
IBM Sterling Selling and Fulfillment Foundation 9.2.1
IBM Sterling Selling and Fulfillment Foundation 9.3
IBM Sterling Selling and Fulfillment Foundation 9.4
IBM Sterling Selling and Fulfillment Foundation 9.5

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2hBv6iH
X-Force Database: http://ift.tt/2jI44Y5

from IBM Product Security Incident Response Team http://ift.tt/2iL921U