IBM Security Bulletin: Vulnerability in Apache FOP affects IBM Cúram Social Program Management (CVE-2017-5661)
Oct 2, 2017 10:00 am EDT
Categorized: Medium Severity
Share this post:
IBM Cúram Social Program Management uses the Apache FOP Library. Apache FOP could allow a remote authenticated attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data. By using a specially-crafted SVG file. A remote attacker could exploit this vulnerability to obtain sensitive information or possibly cause a denial of service.
CVE(s): CVE-2017-5661
Affected product(s) and affected version(s):
IBM Cúram Social Program Management 7.0.0.0 – 7.0.1.0
IBM Cúram Social Program Management 6.2.0.0 – 6.2.0.5
IBM Cúram Social Program Management 6.1.0.0 – 6.1.1.5
IBM Cúram Social Program Management 6.0.5.0 – 6.0.5.10
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2gxYAvM
X-Force Database: http://ift.tt/2v4YmRj
from IBM Product Security Incident Response Team http://ift.tt/2gxYB2O