Security Bulletin: Vulnerability from Apache HttpClient affects IBM Cloud Pak System (CVE-2012-5783)


## Summary

Vulnerability has been identified in Apache Commons HttpClient shipped with IBM Cloud Pak System.

## Vulnerability Details

**CVEID:** [CVE-2012-5783](https://vulners.com/cve/CVE-2012-5783)

**DESCRIPTION:** Apache Commons HttpClient, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server.

CVSS Base score: 4.3

CVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/79984](https://exchange.xforce.ibmcloud.com/vulnerabilities/79984) for the current score.

CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

## Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM Cloud Pak System | 2.3 |
| IBM Cloud Pak System | 2.2 |

## Remediation/Fixes

For IBM Cloud Pak System V2.3.0 and V2.3.0.1, upgrade to V2.3.1.1.

Information on upgrading can be found here: [http://www.ibm.com/support/docview.wss?uid=ibm10887959](http://www.ibm.com/support/docview.wss?uid=ibm10887959)

## Workarounds and Mitigations

None

## Affected Software

CPE Name Name Version
ibm cloud pak system software 2.3
ibm cloud pak system software
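
The hostname check named in the vulnerability description, as an added illustration in Java (not IBM's or Apache's code): it compares the host a client asked for with the names a certificate presents. The class, method names and sample hostnames are constructed for this example, and wildcard handling is simplified to a single left-most label.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Locale;

// Added illustration, not IBM or Apache code. Names are constructed samples.
public class HostnameCheckDemo {

    // True when one certificate name (CN or dNSName value) covers the host.
    static boolean nameMatches(String host, String certName) {
        String h = host.toLowerCase(Locale.ROOT);
        String c = certName.toLowerCase(Locale.ROOT);
        if (!c.startsWith("*.")) {
            return h.equals(c);                  // exact, case-insensitive
        }
        String suffix = c.substring(1);          // "*.example.com" -> ".example.com"
        if (suffix.indexOf('.', 1) < 0) {
            return false;                        // refuse "*.com"-style names
        }
        if (!h.endsWith(suffix)) {
            return false;
        }
        String label = h.substring(0, h.length() - suffix.length());
        // Simplification: the wildcard stands for exactly one non-empty label.
        return !label.isEmpty() && label.indexOf('.') < 0;
    }

    // The step the bulletin says was skipped: a certificate can chain to a
    // trusted CA and still belong to a host other than the one contacted.
    static boolean hostnameVerified(String requestedHost, List<String> certNames) {
        for (String name : certNames) {
            if (nameMatches(requestedHost, name)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed names from a certificate issued to an unrelated site.
        List<String> presented = Arrays.asList("www.unrelated.example", "*.unrelated.example");
        String[] requested = {"payments.merchant.example", "www.unrelated.example",
                              "API.unrelated.example", "a.b.unrelated.example"};
        for (String host : requested) {
            String verdict = hostnameVerified(host, presented) ? "accept" : "reject: name mismatch";
            System.out.println(host + " -> " + verdict);
        }
    }
}
```

In deployed clients, use the TLS library's built-in hostname verification rather than a hand-written matcher like this one.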