IBM Security Bulletin: Information disclosure in Liberty for Java for IBM Bluemix (CVE-2017-1681, CVE-2013-6440)

There is a potential information disclosure vulnerability in WebSphere Application Server. There is also an information disclosure due to an XML external entity (XXE) vulnerability when the OpenSAML features are used in WebSphere Application Server Liberty.

CVE(s): CVE-2017-1681, CVE-2013-6440

Affected product(s) and affected version(s):

These vulnerabilities affect all versions of Liberty for Java in IBM Bluemix up to and including v3.15.

CVE-2013-6440 affects the following versions and releases of IBM WebSphere Application Server:

  • Liberty using samlWeb-2.0 feature
  • Liberty using wsSecuritySaml-1.1 feature

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2AJhs27
X-Force Database: http://ift.tt/2CUzLaF
X-Force Database: http://ift.tt/2hvl28Y

The post IBM Security Bulletin: Information disclosure in Liberty for Java for IBM Bluemix (CVE-2017-1681, CVE-2013-6440) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2qJjMqj