Security Bulletin: Apache Commons FileUpload Vulnerability affects Jazz for Service Management (JazzSM) (CVE-2016-1000031)

Summary

Jazz for Service Management (JazzSM) is affected by an Apache Commons FileUpload vulnerability. JazzSM has addressed this vulnerability

Vulnerability Details

CVEID: CVE-2016-1000031**
DESCRIPTION:** JazzSM could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of FileUpload library. A attacker could exploit this vulnerability to execute arbitrary code under the context of the current process.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/117957 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Jazz for Service Management version 1.1.3

Remediation/Fixes

Principal Product and Version(s)

| Cumulative Patch Level
—|—
Jazz for Service Management version 1.1.3| Apache Commons FileUpload Vulnerability addressed with JazzSM 1.1.3 Cumulative Patch level 5
1.1.3.0-TIV-JazzSM-DASH-Cumulative-Patch-0005

Workarounds and Mitigations

None