-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.2343
   Security Bulletin: Multiple vulnerabilities affect IBM Omni-Channel
                 Marketing products and IBM Watson products
                               6 October 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Omni-Channel Marketing products
                   IBM Watson products
Publisher:         IBM
Operating System:  AIX
                   Linux variants
                   Solaris
                   Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Modify Arbitrary Files          -- Existing Account
                   Cross-site Request Forgery      -- Remote with User Interaction
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-5986 CVE-2016-5983 CVE-2016-3485 CVE-2016-3092
                   CVE-2016-0377 CVE-2016-0359
Reference:         ASB-2016.0074
                   ESB-2016.1583

Original Bulletin: 
   http://www.ibm.com/support/docview.wss?uid=swg21991738
   http://www.ibm.com/support/docview.wss?uid=swg21990062

Comment: This bulletin contains two (2) IBM security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: Security vulnerabilities have been identified in WebSphere
Application Server shipped with IBM Omni-Channel Marketing products suite
(CVE-2016-0377, CVE-2016-5983, CVE-2016-5986)

Security Bulletin

Document information

More support for: IBM Campaign
Configuration

Software version: 8.6, 9.0, 9.1, 9.1.1, 9.1.2, 10.0

Operating system(s): AIX, Linux, Solaris, Windows

Reference #: 1991738

Modified date: 2016-10-05

Summary

IBM WebSphere Application Server variants are shipped with the IBM Omni-Channel
Marketing products suite. Information about security vulnerabilities affecting
WebSphere Application Server has been published in security bulletins.
Vulnerability Details

Refer to the security bulletins listed in the Remediation/Fixes section.

Affected Products and Versions

IBM Campaign : 8.6 - 10.0
IBM Contact Optimization : 8.6 - 10.0
IBM Distributed Marketing : 8.6 - 10.0
IBM Marketing Operations : 8.6 - 10.0
IBM Opportunity Detect : 9.1 - 10.0
IBM Interact : 8.6 - 10.0
IBM Interact Advanced Patterns : 9.1.1 - 10.0
IBM Predictive Insight : 8.6 - 9.0
IBM Leads : 8.6 - 9.1.1

Remediation/Fixes

Refer to the following security bulletins for vulnerability details and
information about fixes addressed by IBM WebSphere Application Server, which is
shipped with the IBM Omni-Channel Marketing products suite. Each group below is
one row of the original table: the principal products, the WebSphere Application
Server level they ship with, and the WebSphere bulletins that carry the fixes.

Principal Product and Version(s) Affected:
    IBM Campaign : 9.1.1 - 10.0
    IBM Contact Optimization : 9.1.1 - 10.0
    IBM Distributed Marketing : 9.1.1 - 10.0
    IBM Marketing Operations : 9.1.1 - 10.0
    IBM Opportunity Detect : 9.1.1 - 10.0
    IBM Interact : 9.1.1 - 10.0
    IBM Leads : 9.1.1
Supporting Product and Version Affected:
    IBM WebSphere Application Server 8.5.5
Supporting Product Security Bulletin:
    http://www-01.ibm.com/support/docview.wss?uid=swg21980645
    http://www-01.ibm.com/support/docview.wss?uid=swg21990056
    http://www-01.ibm.com/support/docview.wss?uid=swg21990060

Principal Product and Version(s) Affected:
    IBM Campaign : 9.1.0
    IBM Contact Optimization : 9.1.0
    IBM Distributed Marketing : 9.1.0
    IBM Marketing Operations : 9.1.0
    IBM Interact : 9.1.0
    IBM Leads : 9.1.0
Supporting Product and Version Affected:
    IBM WebSphere Application Server 8.5.0.2
Supporting Product Security Bulletin:
    http://www-01.ibm.com/support/docview.wss?uid=swg21980645
    http://www-01.ibm.com/support/docview.wss?uid=swg21990056
    http://www-01.ibm.com/support/docview.wss?uid=swg21990060

Principal Product and Version(s) Affected:
    IBM Campaign : 8.6 - 9.0
    IBM Contact Optimization : 8.6 - 9.0
    IBM Distributed Marketing : 8.6 - 9.0
    IBM Marketing Operations : 8.6 - 9.0
    IBM Predictive Insight : 8.6 - 9.0
    IBM Interact : 8.6 - 9.0
    IBM Leads : 8.6 - 9.0
Supporting Product and Version Affected:
    IBM WebSphere Application Server - Express 8.0
Supporting Product Security Bulletin:
    http://www-01.ibm.com/support/docview.wss?uid=swg21980645
    http://www-01.ibm.com/support/docview.wss?uid=swg21990056
    http://www-01.ibm.com/support/docview.wss?uid=swg21990060

Principal Product and Version(s) Affected:
    IBM Opportunity Detect : 9.1
    IBM Interact Advanced Patterns : 9.1.1 - 10.0
Supporting Product and Version Affected:
    IBM WebSphere Application Server - Liberty 8.5.0.2
Supporting Product Security Bulletin:
    http://www-01.ibm.com/support/docview.wss?uid=swg21980645
    http://www-01.ibm.com/support/docview.wss?uid=swg21990056
    http://www-01.ibm.com/support/docview.wss?uid=swg21990060

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support
alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

04 Oct 2016 : Original Version Published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF
ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY
ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
- ---

Security Bulletin: Vulnerabilities exist in Watson Explorer Analytical
Components, Watson Content Analytics, and OmniFind Enterprise Edition
(CVE-2016-0359, CVE-2016-3092, CVE-2016-3485)

Security Bulletin

Document information

More support for: Watson Explorer

Software version: 10.0.0, 10.0.0.1, 10.0.0.2, 10.0.0.3, 11.0.0, 11.0.0.1,
11.0.0.2, 11.0.0.3

Operating system(s): AIX, Linux, Windows

Software edition: Advanced

Reference #: 1990062

Modified date: 2016-10-05

Summary

Security vulnerabilities have been identified in IBM Watson Explorer Analytical
Components, IBM Watson Content Analytics, and OmniFind Enterprise Edition. Not
all vulnerabilities affect all products and versions.

Vulnerability Details

CVEID: CVE-2016-0359
DESCRIPTION: IBM WebSphere Application Server is vulnerable to HTTP response
splitting attacks. A remote attacker could exploit this vulnerability using a
specially crafted URL to cause the server to return a split response, once the
URL is clicked. This would allow the attacker to perform further attacks, such
as Web cache poisoning, cross-site scripting, and possibly obtain sensitive
information.
CVSS Base Score: 6.1
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/111929 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2016-3092
DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by an
error in the Apache Commons FileUpload component. By sending file upload
requests, an attacker could exploit this vulnerability to cause the server to
become unresponsive.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/114336 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-3485
DESCRIPTION: An unspecified vulnerability in Oracle Java SE and Java SE Embedded
related to the Networking component has no confidentiality impact, low
integrity impact, and no availability impact.
CVSS Base Score: 2.9
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/115273 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

To see which vulnerabilities apply to your product and version, see the
applicable row in the following table.

Affected Product                                       Affected Versions    Applicable Vulnerabilities
-----------------------------------------------------  -------------------  -------------------------------------------
Watson Content Analytics                               3.5.0.0 - 3.5.0.3    CVE-2016-3092, CVE-2016-0359, CVE-2016-3485
Watson Content Analytics                               3.0.0.0 - 3.0.0.6    CVE-2016-3092
Watson Explorer Analytical Components                  11.0.0.0 - 11.0.0.3  CVE-2016-3092, CVE-2016-0359, CVE-2016-3485
Watson Explorer Analytical Components                  10.0.0.0 - 10.0.0.2  CVE-2016-3092, CVE-2016-0359, CVE-2016-3485
IBM Watson Explorer Annotation Administration Console  11.0.0.0 - 11.0.0.3  CVE-2016-3092, CVE-2016-0359, CVE-2016-3485
IBM Watson Explorer Annotation Administration Console  10.0.0.0 - 10.0.0.2  CVE-2016-3092, CVE-2016-0359, CVE-2016-3485
IBM OmniFind Enterprise Edition                        9.1.0.0 - 9.1.0.5    CVE-2016-3092
IBM Content Analytics                                  2.2.0.0 - 2.2.0.3    CVE-2016-3092

Remediation/Fixes

For information about fixes, see the applicable row in the following table. The
table reflects product names at the time the specified versions were released.
To use the links to Fix Central in this table, you must first log in to the IBM
Support: Fix Central site at http://www.ibm.com/support/fixcentral/

Affected Product                                       Affected Versions    Fix
-----------------------------------------------------  -------------------  ---------------------------------------------
Watson Content Analytics                               3.5.0.0 - 3.5.0.3    Upgrade to Watson Content Analytics Version
                                                                            3.5.0.4. For information about this version,
                                                                            and links to the software and release notes,
                                                                            see the download document. For information
                                                                            about upgrading, see the upgrade procedures.
Watson Content Analytics                               3.0.0.0 - 3.0.0.6    Contact IBM Support.
Watson Explorer Analytical Components                  11.0.0.0 - 11.0.0.3  Contact IBM Support.
Watson Explorer Analytical Components                  10.0.0.0 - 10.0.0.2  Contact IBM Support.
IBM Watson Explorer Annotation Administration Console  11.0.0.0 - 11.0.0.3  Contact IBM Support.
IBM Watson Explorer Annotation Administration Console  10.0 - 10.0.0.2      Contact IBM Support.
IBM OmniFind Enterprise Edition                        9.1 - 9.1.0.5        Contact IBM Support.
IBM Content Analytics                                  2.2 - 2.2.0.3        Contact IBM Support.

Workarounds and Mitigations

None.

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support
alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

5 October 2016: Original version published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response."
IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL
SECURITY VULNERABILITY.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is maintained
within your organisation, so if you do not wish to continue receiving these
bulletins you should contact your local IT manager. If you do not know who that
is, please send an email to auscert@auscert.org.au and we will forward your
request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be
updated when updates to the original are made. If downloading at a later date,
it is recommended that the bulletin is retrieved directly from the author's
website to ensure that the information is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
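The HTTP response splitting class that the Watson bulletin describes for CVE-2016-0359 (a specially crafted URL causing the server to return a split response) is easier to reason about with the mechanism in front of you. What follows is an added illustration, not IBM's code, not the WebSphere defect itself and not a reproduction step for it: a generic redirect handler that copies a query parameter into the Location header, shown beside a hardened version that refuses control characters and restricts the redirect target. The handler, the "next" parameter, the host allow-list app.example.com and the crafted request line are all constructed for this example.

```python
"""HTTP response splitting: why a CR/LF in a reflected header value turns one
response into two, and the check that stops it.

Added illustration, not IBM's code and not the WebSphere defect itself.  The
redirect handler, the "next" parameter, the allow-listed host and the crafted
request line below are constructed for this example.
"""
import re
from urllib.parse import parse_qs, urlsplit

CRLF = "\r\n"

# Constructed attack URL: the query string carries %0D%0A%0D%0A, which ends the
# first response's header block, followed by a complete attacker-authored
# second response (the classic cache-poisoning / XSS payload shape).
ATTACK_REQUEST_TARGET = (
    "/login?next=https%3A%2F%2Fapp.example.com%2F%0D%0A%0D%0A"
    "HTTP%2F1.1%20200%20OK%0D%0AContent-Type%3A%20text%2Fhtml%0D%0A"
    "Content-Length%3A%2025%0D%0A%0D%0A%3Cscript%3Ealert(1)%3C%2Fscript%3E"
)


def next_param(request_target: str) -> str:
    """Extract and percent-decode the 'next' query parameter, as a server would."""
    query = urlsplit(request_target).query
    return parse_qs(query, keep_blank_values=True)["next"][0]


def vulnerable_redirect(next_url: str) -> bytes:
    """302 handler that trusts its input: the decoded value, CR/LF included,
    lands in the Location header, so a client parses everything after the
    injected blank line as a second response."""
    return (
        "HTTP/1.1 302 Found" + CRLF
        + "Location: " + next_url + CRLF
        + "Content-Length: 0" + CRLF
        + CRLF
    ).encode("latin-1")


class HeaderInjection(ValueError):
    """Raised when a header value would break the response framing."""


_NO_CONTROL_CHARS = re.compile(r"[^\x00-\x1f\x7f]*")  # fullmatch: no CTLs at all


def safe_header_value(value: str) -> str:
    """Reject (rather than silently strip) any control character; this covers
    CR and LF as well as the NUL/tab variants some parsers tolerate."""
    if not _NO_CONTROL_CHARS.fullmatch(value):
        raise HeaderInjection("control character in header value")
    return value


def hardened_redirect(next_url: str, allowed_hosts=("app.example.com",)) -> bytes:
    """Same handler with two checks: the raw value must be a clean header
    value, and the redirect target must be an https URL on an allow-list."""
    safe_header_value(next_url)
    parts = urlsplit(next_url)
    if parts.scheme != "https" or parts.hostname not in allowed_hosts:
        raise HeaderInjection("redirect target not on the allow-list")
    return (
        "HTTP/1.1 302 Found" + CRLF
        + "Location: " + next_url + CRLF
        + "Content-Length: 0" + CRLF
        + CRLF
    ).encode("latin-1")


def count_responses(wire: bytes) -> int:
    """Count the HTTP responses a client would see on the wire: every block
    that begins with a status line after a CRLF CRLF boundary."""
    return sum(1 for block in wire.split(b"\r\n\r\n") if block.startswith(b"HTTP/1."))


def rejected(next_url: str) -> bool:
    """True if the hardened handler refuses the value."""
    try:
        hardened_redirect(next_url)
    except HeaderInjection:
        return True
    return False


if __name__ == "__main__":
    payload = next_param(ATTACK_REQUEST_TARGET)
    print("vulnerable handler emits", count_responses(vulnerable_redirect(payload)), "responses")
    print("hardened handler rejects payload:", rejected(payload))
    print("hardened handler accepts clean value:",
          count_responses(hardened_redirect("https://app.example.com/home")))
```

The hardened version rejects rather than strips: deleting CR and LF leaves the rest of the attacker's payload in place and invites bypasses with whichever other control characters the downstream parser tolerates, whereas a refused request is visible in logs. Python's own http.client refuses header values containing CR or LF, and current servlet containers apply similar checks, but application code that assembles headers by hand or through a template still needs this validation at the point where untrusted data meets the header.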
Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBV/YAMYx+lLeg9Ub1AQj14g//cDXjcsz5uNvtuD5+Dn9a1kuNpw64LIJk
1aezUkvypFkIcyS81CzFyWXPiQB1YZnJlqUr2sFEOI34NHf3OBqGeYzztuZKqMtW
l2jXID6Xh1Pqtx29Em+fCiJ2EAUyD+Px1ZYCupeBOSzpiXX/pysJOPhkhBAy3RGR
+qNSsSaCc+QAxiFiBrVlzskQ8Zua0j6fOAsKUH+2PFf9l3d/ePCR+RjqbyaLhudi
+tVhk/vFK2bRd9iQKgkroOvf7HgjyrEMvI/GGwMDeHE2QkeUSmliowQIDeDxvIoe
Na+t1+VIgGf6xFsPur4DCIw3jjJde5cOa4nLk4pvBj3k5LA577ynhraLVzJwYnQc
2sOMLPpTa1TukHtWGcTTQCXxuYantQNGMebwpvRfT/cxMq8I1GMuYvqp6ciPG6Ai
Y0UqHm9hcCerOw5QmdxHQE9/UAkNh2VZyVAe8SkJ+t8s1sB95TKwgxwEGVGm2cP6
HFiWl/tjfb/e/BFhTIWPrYybWVsHUWONRAfzzAC6qzXV0T4YawZJ+ElsXVxFB9PB
0mKyCIH7oAuMyf7dMKAZvwbpNBWGFjtN3Lz4aEycQCd/nHPd6WeAxUB9FPOUbEsN
SrL4BYc31Ol5W+tVicVRFf4iJBqzue+Q9k6voUUX2hlihQWANhIAPnkwxvydgp57
N0dNqQxS9XU=
=3fO8
-----END PGP SIGNATURE-----