IBM Security Bulletin: OpenJPA as used in IBM QRadar SIEM is vulnerable to remote code execution. (CVE-2013-1768)

The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools.

CVE(s): CVE-2013-1768

Affected product(s) and affected version(s):

QRadar / QRM / QVM / QRIF / QNI 7.3.0 to 7.3.1 Patch 4

QRadar / QRM / QVM / QRIF / QNI 7.2.0 to 7.2.8 Patch 11

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10719109
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/82268

The post IBM Security Bulletin: OpenJPA as used in IBM QRadar SIEM is vulnerable to remote code execution. (CVE-2013-1768) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ibm.co/2WQbhWb