Asset Analyzer (RAA) has addressed the following vulnerability. Open Source Commons FileUpload Apache Vulnerabilities
CVEID:CVE-2016-1000031**
DESCRIPTION: *Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/117957 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Asset Analyzer (RAA)
|
Affected Versions
—|—
Rational Asset Analyzer| 6.1.0.16 and previous
.
Product
|
VRMF
|
APAR
|
Remediation / First Fix
—|—|—|—
Rational Asset Analyzer| 6.1.0.17| --| <http://www-01.ibm.com/support/docview.wss?uid=swg27021389>
None.