Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM WebSphere Service Registry and Repository (CVE-2016-1000031)

Summary

Vulnerability in Apache Commons FileUpload affects IBM WebSphere Service Registry and Repository (CVE-2016-1000031)

Vulnerability Details

CVEID: CVE-2016-1000031**
DESCRIPTION:** Apache Commons FileUpload, as used in certain products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/117957 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

WebSphere Service Registry and Repository V8.5
WebSphere Service Registry and Repository V8.0

For unsupported versions IBM recommends upgrading to a fixed, supported version of the product

Remediation/Fixes

To remediate CVE-2016-1000031 you need to apply fixes for both IBM WebSphere Application Server and IBM WebSphere Service Registry and Repository.

For** WebSphere Application Server** updates refer to this bulletin:
Security Bulletin: Security vulnerability in Apache Commons FileUpload used by WebSphere Application Server (CVE-2016-1000031)

For WebSphere Service Registry and Repository, this vulnerability has been fixed under APAR IJ01131. Fixes containing IJ01131 have been published and are available from Fix Central.

For WSRR V8.5

• Apply V8.5.6.1**_IJ01131**** **
  For WSRR V8.0

• Apply V****8.0.0.3_IV65487_IV79085_IV87422_IV87429_IV89477_IJ01131