IBM Security Bulletin: IBM Connections Docs is affected by libxml2 vulnerability (CVE-2017-16932, CVE-2017-16931)

IBM Connections Docs has addressed the following vulnerability. IBM Connections Docs uses libxml2 to do document conversion. By using a percent character in a DTD name, a remote attacker could overflow a buffer and execute arbitrary code on the system. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to exhaust available memory on the system.

CVE(s): CVE-2017-16932, CVE-2017-16931

Affected product(s) and affected version(s):

Affected IBM Connections Docs | Affected Versions
IBM Connections Docs | 2.0.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2B6gH4g
X-Force Database: http://ift.tt/2BNOTFm
X-Force Database: http://ift.tt/2B6gKNu
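
Until the fix from the source bulletin is applied, one way to reduce exposure to DTD-driven parser bugs such as the one described above is to refuse uploads whose XML parts carry a DOCTYPE before they reach the libxml2-based converter. The following is an added example, not IBM's code or fix; it assumes the deployment can reject such documents, screens with Python's expat parser rather than libxml2, and the names `screen_xml`, `screen_package` and `build_sample` are hypothetical.

```python
import io
import zipfile
from xml.parsers import expat

class _DoctypeSeen(Exception):
    """Internal signal: the parser reached a DOCTYPE declaration."""

def screen_xml(data: bytes) -> str:
    """Classify one XML part as 'ok', 'doctype' or 'malformed'."""
    parser = expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        raise _DoctypeSeen  # abort before the internal subset is parsed

    parser.StartDoctypeDeclHandler = on_doctype
    try:
        parser.Parse(data, True)
    except _DoctypeSeen:
        return "doctype"
    except expat.ExpatError:
        return "malformed"
    return "ok"

def screen_package(blob: bytes, max_part=8 * 1024 * 1024) -> dict:
    """Map each rejected .xml member of a zipped document to the reason."""
    rejected = {}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(".xml"):
                continue
            if info.file_size > max_part:  # assumed size limit per part
                rejected[info.filename] = "too-large"
                continue
            verdict = screen_xml(zf.read(info))
            if verdict != "ok":
                rejected[info.filename] = verdict
    return rejected

def build_sample() -> bytes:
    """Constructed sample: one clean part and one part with a DTD."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("content.xml", "<doc><p>hello</p></doc>")
        zf.writestr("styles.xml", "<!DOCTYPE s [<!ELEMENT s ANY>]><s/>")
    return buf.getvalue()

if __name__ == "__main__":
    print(screen_package(build_sample()))
```

A non-empty result means the upload should be held back from conversion; this screening does not replace applying the remediation in the source bulletin.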



from IBM Product Security Incident Response Team http://ift.tt/2BNOW40