IBM Security Access Manager for Mobile Multiple Vulnerabilities

ID: IRCAD2014103559
Release Date: 2014-10-10
Criticality level: Highly critical
Software:
IBM Security Access Manager for Mobile 8.x
Description:
Multiple vulnerabilities have been reported in IBM Security Access Manager for Mobile, which can be exploited by malicious people to disclose certain sensitive information, manipulate certain data, conduct cross-site scripting attacks, and compromise a vulnerable system.
1) The product bundles a vulnerable version of Java.
2) Certain unspecified input is not properly sanitised before being used to execute commands. This can be exploited to inject and execute arbitrary shell commands.
3) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
The vulnerabilities are reported in firmware versions 8.0.0.0, 8.0.0.1, 8.0.0.3, and 8.0.0.4.
Solution:
Apply 8.0.0-ISS-ISAM-FP0005.
References:
IBM (IV64911, IV64910, IV64919):
Secunia:

Created: 22 Mehr 1393
