Vulnerability Bulletins

IBM Security Bulletin: Vulnerability in Castor library affects IBM Cúram(CVE-2014-3004)

System information
   
Affected software IBM

Description
IBM Cúram is shipped with a third party library called Castor, which is vulnerable to an XML External Entity Injection (XXE) error. CVE(s): CVE-2014-3004 Affected product(s) and affected version(s): IBM Cúram Social Program Management 4.5 IBM Cúram Social Program Management 5.2 IBM Cúram Social Program Management 6.0.3 IBM Cúram Social Program Management 6.0.4 IBM Cúram Social Program Management 6.0.5 IBM Cúram Social Program Management

More info:

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_castor_library_affects_ibm_c%25C3%25BAram_cve_2014_3004?lang=en_us

Standar resources
Property Value
CVE

Version history
Version Comments Date
1.0 Advisory issued 2015-04-18
Ministerio de Defensa
CNI
CCN
CCN-CERT