Security Bulletin: A vulnerability in Open Source BeanShell has been addressed by IBM Kenexa LCMS Premier (CVE-2016-2510)

Summary

A vulnerability in Open Source BeanShell has been addressed by LCMS Premier

Vulnerability Details

CVEID: CVE-2016-2510
DESCRIPTION: BeanShell could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data using Java serialization or XStream. An attacker could exploit this vulnerability deserialize data and execute arbitrary code on the system.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111295&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Affected Products and Versions

All versions prior to 10.1.0

Remediation/Fixes

The issue has been fixed in IBM LCMS Premier 10.1.0. IBM recommends updating to the latest release.

Customers can download the fix from Fix Central - ‘bsh_update_all_supported.zip’<https://www-945.ibm.com/support/fixcentral/&gt;

Workarounds and Mitigations

None