Home Unlabelled IBM Security Bulletin: Security Bulletin: IBM MessageSight is affected by an IBM WebSphere Liberty expression language vulnerability

IBM Security Bulletin: Security Bulletin: IBM MessageSight is affected by an IBM WebSphere Liberty expression language vulnerability

By
Tuesday, January 22, 2019
Read
Add Comment

Jan 22, 2019 9:01 am EST

Categorized: Medium Severity

Share this post:

IBM MessageSight has addressed the following vulnerability. Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the use of expression language. An attacker could exploit this vulnerability to bypass the protections of a Security Manager.

CVE(s): CVE-2014-7810

Affected product(s) and affected version(s):

Affected IBM MessageSightAffected Versions
IBM MessageSight1.2.0.0 – 1.2.0.3
IBM MessageSight2.0.0.0 – 2.0.0.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10794189
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/103155



from IBM Product Security Incident Response Team https://ibm.co/2Hm3GLo
Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us