IBM Support

IV89787: SECURITY APAR CVE-2016-2932 XML INJECTION VULNERABILITY IN IBM BIGFIX REMOTE CONTROL

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

APAR status

  • Closed as program error.

Error description

  • IBM BigFix Remote Control could allow a remote attacker to
    modify the syntax, content, or commands of the XML before it is
    processed by an end system. IBM BigFix Remote Control has
    remediated this vulnerability.
    
    CVE ID: CVE-2016-2932
    

Local fix

  • not available
    

Problem summary

Problem conclusion

  • This fix is included in the IBM BigFix Remote Control 9.1.3
    application update.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IV89787

  • Reported component name

    TIV EP MGR REM

  • Reported component ID

    5725C43RC

  • Reported release

    910

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2016-10-07

  • Closed date

    2016-10-11

  • Last modified date

    2016-10-11

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    TIV EP MGR REM

  • Fixed component ID

    5725C43RC

Applicable component levels

  • R910 PSN

       UP



Document information

More support for: IBM BigFix family

Software version: 910

Reference #: IV89787

Modified date: 11 October 2016