IBM Security Bulletin: Vulnerability in Apache Taglibs affects IBM Cúram Social Program Management (CVE-2015-0254)

IBM Cúram Social Program Management uses the Apache Taglibs Library. Apache Standard Taglibs could allow a remote attacker to execute arbitrary code on the system, caused by an XML External Entity Injection (XXE) error when processing XML data.

CVE(s): CVE-2015-0254

Affected product(s) and affected version(s):

IBM Cúram Social Program Management 7.0.0.0 – 7.0.1.0
IBM Cúram Social Program Management 6.2.0.0 – 6.2.0.5
IBM Cúram Social Program Management 6.1.0.0 – 6.1.1.5
IBM Cúram Social Program Management 6.0.5.0 – 6.0.5.10

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2xavzvx
X-Force Database: http://ift.tt/1syxSqm

The post IBM Security Bulletin: Vulnerability in Apache Taglibs affects IBM Cúram Social Program Management (CVE-2015-0254) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2xa9a1o