IBM Algo One - Counterparty Credit Risk could allow a remote attacker to bypass security restrictions, caused by the failure to use the appropriate facade object by certain application listener calls. (Advsory 8335)
CVE-ID:CVE-2017-5648
Description: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to use the appropriate facade object by certain application listener calls. An attacker could exploit this vulnerability to access and modify data on the system.
CVSS Base Score: 5.3
Upgrade to the latest version of Tomcat (7.0.76, 8.0.42, 8.5.12, 9.0.0.M18 or later), available from the Apache Web site
Algo One - Counterparty Credit Risk (CCR) versions 5.1.0 and 5.0.0.
Product Name
| iFix Name|Remediation/First Fix
—|—|—
Algo One - CCR| 510-220| http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=5.1.0.3-Algo-One-RTCE-RHEL-fp0220:0&includeSupersedes=0&source=fc&login=true
Algo One - CCR| 500-370| http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=5.0.0.8-2-Algo-One-RTCE-if0370:0&includeSupersedes=0&source=fc&login=true