Boletines de Vulnerabilidades

IBM Security Bulletin: Vulnerability in Castor library affects IBM Cúram(CVE-2014-3004)

Información sobre el sistema
   
Software afectado IBM

Descripción
IBM Cúram is shipped with a third party library called Castor, which is vulnerable to an XML External Entity Injection (XXE) error. CVE(s): CVE-2014-3004 Affected product(s) and affected version(s): IBM Cúram Social Program Management 4.5 IBM Cúram Social Program Management 5.2 IBM Cúram Social Program Management 6.0.3 IBM Cúram Social Program Management 6.0.4 IBM Cúram Social Program Management 6.0.5 IBM Cúram Social Program Management

More info:

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_castor_library_affects_ibm_c%25C3%25BAram_cve_2014_3004?lang=en_us

Identificadores estándar
Propiedad Valor
CVE

Histórico de versiones
Versión Comentario Data
1.0 Advisory issued 2015-04-18
Ministerio de Defensa
CNI
CCN
CCN-CERT