IBM Security Bulletin: OpenSSL command line utility in IBM Workload Scheduler can run with elevated priviliges (CVE-2017-1716)
OpenSSL command line utility in IBM Workload Scheduler has SUID permissions and can run with elevated priviliges
CVE(s): CVE-2017-1716
Affected product(s) and affected version(s):
Tivoli Workload Scheduler Distributed 8.6.0 FP04 and earlier
Tivoli Workload Scheduler Distributed 9.1.0 FP02 and earlier
Tivoli Workload Scheduler Distributed 9.2.0 FP02 and earlier
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2zyGbdY
X-Force Database: http://ift.tt/2mYGmcD
The post IBM Security Bulletin: OpenSSL command line utility in IBM Workload Scheduler can run with elevated priviliges (CVE-2017-1716) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2mYGnxd