IBM Security Bulletin: IBM Kenexa LCMS Premier on Cloud is affected by Open Source Commons FileUpload Apache Vulnerabilities
IBM Kenexa LCMS Premier on Cloud has addressed a vulnerability that could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process.
CVE(s): CVE-2016-1000031
Affected product(s) and affected version(s):
9.3, 9.4, 9.5,10.0, 10.1,10.2,11.0,11.1,11.2
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2Da9Pnn
X-Force Database: http://ift.tt/2hLFPWm
The post IBM Security Bulletin: IBM Kenexa LCMS Premier on Cloud is affected by Open Source Commons FileUpload Apache Vulnerabilities appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2DGdHOh