IBM Security Bulletin: IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation are affected by the ability to execute remote attacker’s arbitrary code on a target machine vulnerability

IBM FileNet Content Manager, IBM Content Foundation and IBM Case Foundation has addressed the following security vulnerability. Ability to execute remote attacker’s arbitrary code on a target machine by leveraging the untrusted data in DiskFileItem class of Apache Commons FileUpload library. The affected “Apache Commons FileUpload” has been upgraded to the fixed version v1.3.3. For more information please refer to the X-Force database entries referenced below.

CVE(s): CVE-2016-1000031

Affected product(s) and affected version(s):

IBM FileNet Content Manager 5.2.1, 5.5.0
IBM Content Foundation 5.2.1, 5.5.0
IBM Case Foundation 5.2.1, 5.3.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2Da9K33
X-Force Database: http://ift.tt/2hLFPWm

The post IBM Security Bulletin: IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation are affected by the ability to execute remote attacker’s arbitrary code on a target machine vulnerability appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2D8uA2U