IBM Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to security constraint bypass. (CVE-2018-1304, CVE-2018-1305)

Public disclosed vulnerability from Apache Tomcat

CVE(s): CVE-2018-1305, CVE-2018-1304

Affected product(s) and affected version(s):

QRadar / QRM / QVM / QRIF / QNI 7.3.0 to 7.3.1 Patch 4

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10719117
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139475
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139476

The post IBM Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to security constraint bypass. (CVE-2018-1304, CVE-2018-1305) appeared first on IBM PSIRT Blog.

from IBM Product Security Incident Response Team https://ibm.co/2WNlVx6