IBM Security Bulletin: IBM Content Classification is affected by an Open Source Eclipse Jetty Vulnerabilities

IBM Content Classification has addressed the following vulnerability. Jetty could allow a remote attacker to obtain sensitive information, caused by a timing channel flaw in util/security/Password.java. By observing elapsed times before rejection of incorrect passwords, an attacker could exploit this vulnerability to obtain access information.

CVE(s): CVE-2017-9735

Affected product(s) and affected version(s):

IBM Content Classification v8.8

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2i6zho2
X-Force Database: http://ift.tt/2uivKbI

The post IBM Security Bulletin: IBM Content Classification is affected by an Open Source Eclipse Jetty Vulnerabilities appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2i7Qca5