IBM Security Bulletin: The BigFix Platform version 9.5 has security vulnerabilities that have been addressed via patch release 9.5.6

The BigFix Platform verions 9.5 has some vulnerabilities associated with the zlib library, as well as Cross Site Request Forgery, Missing Authentication for Critical Function, Cross Site Scripting and XML External Entity that have been addressed in patch release 9.5.6.

CVE(s): CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-1218, CVE-2017-1222, CVE-2017-1203, CVE-2017-1219

Affected product(s) and affected version(s):

BigFix Platform Version 9.1, BigFix Platform Version 9.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2zmh4KX
X-Force Database: http://ift.tt/2lLwOQm
X-Force Database: http://ift.tt/2mlzP6B
X-Force Database: http://ift.tt/2lLuetu
X-Force Database: http://ift.tt/2mlCjlv
X-Force Database: http://ift.tt/2u5GeJS
X-Force Database: http://ift.tt/2zT7hst
X-Force Database: http://ift.tt/2u5UwKc
X-Force Database: http://ift.tt/2tCatER

The post IBM Security Bulletin: The BigFix Platform version 9.5 has security vulnerabilities that have been addressed via patch release 9.5.6 appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2iODywI