A vulnerability in Open Source BeanShell has been addressed by LCMS Premier
CVEID: CVE-2016-2510
DESCRIPTION: BeanShell could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data using Java serialization or XStream. An attacker could exploit this vulnerability deserialize data and execute arbitrary code on the system.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111295> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
All versions prior to 10.1.0
The issue has been fixed in IBM LCMS Premier 10.1.0. IBM recommends updating to the latest release.
Customers can download the fix from Fix Central - ‘bsh_update_all_supported.zip’<https://www-945.ibm.com/support/fixcentral/>
None