IBM Security Bulletin: IBM Cloud Automation Manager is affected by an issue with API endpoints behind the ‘docker cp’
IBM Cloud Automation Manager is affected by an issue with the docker cp command, which is vulnerable to a symlink-exchange attack with directory traversal that gives attackers arbitrary read-write access to the host filesystem with root privileges.
CVE(s): CVE-2018-15664
Affected product(s) and affected version(s):
IBM Cloud Automation Manager 3.1.x, 3.2.0
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10960227
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/161681
The post IBM Security Bulletin: IBM Cloud Automation Manager is affected by an issue with API endpoints behind the ‘docker cp’ appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/2Yz3Eak