Security Bulletin: Vulnerability in commons-httpclient-3.0.1.jar affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) (CVE-2012-5783)


## Summary

The commons-httpclient-3.0.1.jar package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVE (CVE-2012-5783).

## Vulnerability Details

**CVEID:** [CVE-2012-5783](<https://vulners.com/cve/CVE-2012-5783>)

**DESCRIPTION:** Apache Commons HttpClient, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server.

CVSS Base score: 4.3

CVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/79984](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79984>) for the current score.

CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

## Affected Products and Versions

Affected Product(s)| Version(s)
---|---
IBM Cloud Pak for Data System 2.0| -

## Remediation/Fixes

**IBM strongly recommends addressing the vulnerability now by upgrading to the latest version.**

Affected Product(s)| VRMF| Remediation/Fixes
---|---|---
IBM Cloud Pak for Data System 2.0|| [Link to Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?fixids=>)

Please follow the steps given in the [release notes](<https://www.ibm.com/docs/en/cloud-paks/cloudpak-data-system/2.0?topic=20-version-2021-release-notes> "release notes") to upgrade the system with the above version.

## Workarounds and Mitigations

None
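The hostname check whose absence is described under Vulnerability Details, written out as an added example (not code from IBM or Apache Commons HttpClient). It goes beyond the CN-only wording of the description by also handling dNSName subjectAltName entries and single-label wildcards, following RFC 2818; the certificate dicts and host names are constructed samples, and chain validation is assumed to have already succeeded.

```python
# Added illustration. The certificate dicts are constructed samples in the
# shape returned by ssl.SSLSocket.getpeercert(); all names are hypothetical.
CERT_OTHER_SITE = {"subject": ((("commonName", "other.example.net"),),)}
CERT_WILDCARD = {
    "subject": ((("commonName", "ignored.example.org"),),),
    "subjectAltName": (("DNS", "*.example.com"),),
}


def name_matches(pattern: str, host: str) -> bool:
    """Compare one DNS name from the certificate with the requested host."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never covers more than one label
    if p[0] == "*":
        # Wildcard accepted only as the entire leftmost label of a name
        # with at least three labels.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def presented_names(cert: dict) -> list:
    """dNSName SAN entries if any exist, otherwise the subject CN values."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans  # RFC 2818: the CN is not consulted when dNSName SANs exist
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def hostname_matches(cert: dict, host: str) -> bool:
    return any(name_matches(n, host) for n in presented_names(cert))


def accept_connection(cert: dict, host: str, verify_hostname: bool) -> bool:
    """Assumes chain validation already passed.

    verify_hostname=False models the missing check: any trusted
    certificate is accepted for any host.
    """
    return hostname_matches(cert, host) if verify_hostname else True


if __name__ == "__main__":
    for check in (False, True):
        ok = accept_connection(CERT_OTHER_SITE, "pay.example.com", check)
        print(f"verify_hostname={check}: accepted={ok}")
```

With `verify_hostname=False` a valid certificate issued for an unrelated name is accepted for `pay.example.com`, which is the condition a man-in-the-middle relies on; with the check enabled the same certificate is rejected.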

