IBM Security Bulletin: vulnerabilities in IBM WebSphere Application Server Liberty affects IBM Performance Management products
The vulnerabilities could allow a remote attacker to conduct phishing attacks or obtain sensitive information, or allow cross-site scripting in OpenID Connect clients.
CVE(s): CVE-2016-3040, CVE-2016-3042, CVE-2016-0378
Affected product(s) and affected version(s):
IBM Monitoring 8.1.2 and 8.1.3
IBM Application Diagnostics 8.1.2 and 8.1.3
IBM Application Performance Management 8.1.2 and 8.1.3
IBM Application Performance Management Advanced 8.1.2 and 8.1.3
IBM Performance Management on Cloud
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2m3dVIH
X-Force Database: http://ift.tt/2ciMesr
X-Force Database: http://ift.tt/2coBlSO
X-Force Database: http://ift.tt/2cG9hh7
The post IBM Security Bulletin: vulnerabilities in IBM WebSphere Application Server Liberty affects IBM Performance Management products appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2m3nw27