Home Unlabelled IBM Security Bulletin: BigFix Compliance (TEMA SUAv1 SCA SCM) affected by multiple vulnerabilities

IBM Security Bulletin: BigFix Compliance (TEMA SUAv1 SCA SCM) affected by multiple vulnerabilities

By
Thursday, February 07, 2019
Read
Add Comment

The BigFix Compliance product is exhibiting vulnerabilities in the following categories: Improper Certificate Validation, Link Injection, Query Parameter in SSL Request, and Information Exposure. These vulnerabilities have been addressed in release 1.10.0. Additionally, there are multiple vulnerabilities in IBM® Runtime Environment Java™ used by BigFix Compliance. These issues were disclosed as part of the IBM Java SDK updates in October 2017.

CVE(s): CVEID 2017-1200, CVE-2017-1177, CVE 2017-1198, CVE 2017-1202, CVE-2017-10345, CVE-2017-10356

Affected product(s) and affected version(s):

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10737581
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/123675
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/123429
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/123673
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/123677
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133774
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133785

The post IBM Security Bulletin: BigFix Compliance (TEMA SUAv1 SCA SCM) affected by multiple vulnerabilities appeared first on IBM PSIRT Blog.

Affected Product

Affected Versions

BigFix Compliance

1.7-1.9.91



from IBM Product Security Incident Response Team https://ibm.co/2WQbd8T
Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us