Oct 04, 2023 - 8:22 a.m.

Security Bulletin: Vulnerability in commons-codec-1.8.jar have affected IBM Engineering Lifecycle Optimization - Publishing

2023-10-04 08:22:11
www.ibm.com

Summary

This security bulletin addresses security vulnerabilities in Apache Commons Codec that have been remediated in the latest iFixes of IBM Engineering Lifecycle Optimization - Publishing.

Vulnerability Details

**IBM X-Force ID:** 177835
**DESCRIPTION:** Apache Commons Codec could allow a remote attacker to obtain sensitive information, caused by the improper validation of input. An attacker could exploit this vulnerability using a method call to obtain sensitive information.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/177835 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| PUB | 7.0.1 |
| PUB | 7.0.2 |

Remediation/Fixes

| Product | Version(s) | How to remediate? |
| --- | --- | --- |
| IBM Engineering Lifecycle Optimization - Publishing | 7.0.1 | The vulnerability can be remediated by applying the following PUB 7.0.1 iFix023 or later iFixes |
| IBM Engineering Lifecycle Optimization - Publishing | 7.0.2 | The vulnerability can be remediated by applying the following PUB 7.0.2 iFix025 or later iFixes |

Workarounds and Mitigations

None

Affected configurations

ibm engineering_lifecycle_optimization_-_publishing, version match 7.0.1
OR
ibm engineering_lifecycle_optimization_-_publishing, version match 7.0.2