IBM Security Bulletin: Multiple security vulnerabilities in Apache CXF affect IBM InfoSphere Master Data Management (CVE-2016-6812 CVE-2016-8739 CVE-2017-5653 CVE-2017-5656 CVE-2017-3156)

IBM Initiate Master Data Service is vulnerable to multiple Apache CXF issues and could allow remote attackers to steal a victim’s cookie-based authentication credentials and read arbitrary files on the system.

CVE(s): CVE-2016-6812, CVE-2016-8739, CVE-2017-5653, CVE-2017-5656

Affected product(s) and affected version(s):

This vulnerability is known to affect the following offerings:

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=swg22011984
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/120409
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/120408
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/125087
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/125216

The post IBM Security Bulletin: Multiple security vulnerabilities in Apache CXF affect IBM InfoSphere Master Data Management (CVE-2016-6812 CVE-2016-8739 CVE-2017-5653 CVE-2017-5656 CVE-2017-3156) appeared first on IBM PSIRT Blog.

Affected Product                           Affected Versions
IBM Initiate Master Data Service           10.1
IBM InfoSphere Master Data Management      11.0
IBM InfoSphere Master Data Management      11.3
IBM InfoSphere Master Data Management      11.4
IBM InfoSphere Master Data Management      11.5
IBM InfoSphere Master Data Management      11.6


from IBM Product Security Incident Response Team http://ift.tt/2HERwss