Jul 18, 2023 - 7:13 a.m.

Security Bulletin: Vulnerabilities in Commons Codec library affects IBM Engineering Test Management (ETM) (IBM X-Force ID:177835)

www.ibm.com

Summary

This security vulnerability has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability.

Vulnerability Details

**IBM X-Force ID:** 177835
**DESCRIPTION:** Apache Commons Codec could allow a remote attacker to obtain sensitive information, caused by the improper validation of input. An attacker could exploit this vulnerability using a method call to obtain sensitive information.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/177835 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) | Version(s)
---|---
ETM | 7.0.1
ETM | 7.0.2

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading and applying the suggested fix, which uses an upgraded version of Commons Codec.

Suggested :

Product(s) | Version(s) | Remediation/Fix/Instructions
---|---|---
Engineering Test Management | 7.0.1 | Download and apply ETM 7.0.1 iFix22 from Fix Central
Engineering Test Management | 7.0.2 | Download and apply ETM 7.0.2 iFix23 from Fix Central

Workarounds and Mitigations

None

Affected configurations

Vulners node:
ibm engineering_test_management, match 7.0.2
OR
ibm engineering_test_management, match 7.0.1