...
Summary
System information is provided on an unprotected diagnostic page.
Vulnerability Details
CVEID: CVE-2014-3076
DESCRIPTION:
IBM Business Process Manager 8.5 contains an unprotected JavaServer™ Pages (JSP) file that returns system information to unauthenticated users. An attacker might use this information to aid in further attacks against the system.
Affected Products and Versions
• IBM Business Process Manager Standard
• IBM Business Process Manager Express
• IBM Business Process Manager Advanced
Software version:
8.5, 8.5.0.1, 8.5.5
Remediation/Fixes
Install IBM Business Process Manager interim fix JR50760 as appropriate for your current IBM Business Process Manager version.
• IBM Business Process Manager Standard
• IBM Business Process Manager Express
• IBM Business Process Manager Advanced
...