IBM Security Bulletin: Apache Commons FileUpload library in IBM Workload Console can allow a remote attacker to execute arbitrary code on the system (CVE-2016-1000031)

The Apache Commons FileUpload library, shipped as commons-fileupload-1.2.2.jar with IBM Dynamic Workload Console, could allow a remote attacker to execute arbitrary code on the system because the library's DiskFileItem class deserializes untrusted data.

CVE(s): CVE-2016-1000031

Affected product(s) and affected version(s):

IBM Workload Dynamic Console 8.6.0 FP04 and earlier
IBM Workload Dynamic Console 9.1.0 FP02 and earlier
IBM Workload Dynamic Console 9.2.0 FP02 and earlier
IBM Workload Dynamic Console 9.3.0 FP03 and earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22012168
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/117957
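
To locate every copy of the library on a host, including renamed copies and copies bundled inside WAR or EAR archives, the following added example (not part of the IBM bulletin and not IBM or Apache code) walks a directory tree and reports each archive that contains the DiskFileItem class, with its version. The function names and the constructed sample tree are assumptions made for illustration.

```python
import io, os, re, zipfile

SINK = "org/apache/commons/fileupload/disk/DiskFileItem.class"  # class named in the bulletin
ARCHIVES = (".jar", ".war", ".ear")
NAME_RE = re.compile(r"commons-fileupload-(\d[\w.\-]*)\.jar$")

def _version(zf, label):
    """Version from the file name, else the manifest's Implementation-Version."""
    m = NAME_RE.search(label)
    if not m and "META-INF/MANIFEST.MF" in zf.namelist():
        text = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
        m = re.search(r"^Implementation-Version:\s*(\S+)", text, re.M)
    return m.group(1) if m else "unknown"

def _scan(src, label, hits, depth=0):
    """Record archives holding DiskFileItem; recurse into nested archives."""
    try:
        zf = zipfile.ZipFile(src)
    except (zipfile.BadZipFile, OSError):
        return  # unreadable or not really a ZIP: skip
    with zf:
        names = zf.namelist()
        if SINK in names:
            hits.append((label, _version(zf, label)))
        for n in names if depth < 3 else ():  # bound nesting depth
            if n.lower().endswith(ARCHIVES):
                _scan(io.BytesIO(zf.read(n)), f"{label}!/{n}", hits, depth + 1)

def find_fileupload(root):
    """Return sorted (location, version) for each copy of the library under root."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for f in files:
            if f.lower().endswith(ARCHIVES):
                path = os.path.join(dirpath, f)
                _scan(path, path, hits)
    return sorted(hits)

def build_sample(root):
    """Constructed sample: a bare jar plus a renamed copy bundled in a WAR."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(SINK, b"")
        z.writestr("META-INF/MANIFEST.MF", "Implementation-Version: 1.2.2\n")
    with open(os.path.join(root, "commons-fileupload-1.2.2.jar"), "wb") as fh:
        fh.write(buf.getvalue())
    with zipfile.ZipFile(os.path.join(root, "app.war"), "w") as w:
        w.writestr("WEB-INF/lib/upload.jar", buf.getvalue())
```

Call `find_fileupload` on the console's installation directory; a hit whose version matches the jar named in this bulletin should be handled according to the source bulletin.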

from IBM Product Security Incident Response Team http://ift.tt/2BpzQ0w