Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMAB56D60E993740805114C7455D029B23C0AF3C36C7C5BD4E3DA63C47701268B0
HistoryJul 18, 2023 - 7:13 a.m.

Security Bulletin: Vulnerabilities in Commons Codec library affects IBM Engineering Test Management (ETM) (IBM X-Force ID:177835)

2023-07-1807:13:31
www.ibm.com
11
ibm
etm
commons codec
vulnerability
upgrade
fix
remote attacker
sensitive information
validation
JSON

Summary

This Security Vulnerablity has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability.

Vulnerability Details

**IBM X-Force ID:**177835
**DESCRIPTION:**Apache Commons Codec could allow a remote attacker to obtain sensitive information, caused by the improper validation of input. An attacker could exploit this vulnerability using a method call to obtain sensitive information.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/177835 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
ETM 7.0.1
ETM 7.0.2

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading and applying the suggested fix that uses upgraded version of commons codec.

Suggested :

Product(s)|**Version(s)
**|Remediation/Fix/Instructions
—|—|—
Engineering Test Management | 7.0.1|

Download and apply ETM 7.0.1 iFix22 from Fix Central here

Engineering Test Management | 7.0.2| Download and apply ETM 7.0.2 iFix23 from Fix Central here

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmengineering_test_managementMatch7.0.2
OR
ibmengineering_test_managementMatch7.0.1
JSON