IBM Security Bulletin: IBM Content Classification is affected by an Open Source Eclipse Jetty Vulnerabilities
IBM Content Classification has addressed the following vulnerability. Jetty could allow a remote attacker to obtain sensitive information, caused by a timing channel flaw in util/security/Password.java. By observing elapsed times before rejection of incorrect passwords, an attacker could exploit this vulnerability to obtain access information.
CVE(s): CVE-2017-9735
Affected product(s) and affected version(s):
IBM Content Classification v8.8
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2i6zho2
X-Force Database: http://ift.tt/2uivKbI
The post IBM Security Bulletin: IBM Content Classification is affected by an Open Source Eclipse Jetty Vulnerabilities appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2i7Qca5