IBM Algo One - Algo Risk Application could allow a remote attacker to bypass security restrictions, caused by the failure to use the appropriate facade object by certain application listener calls. (Advsory 8335)
CVE-ID:CVE-2017-5648
Description: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to use the appropriate facade object by certain application listener calls. An attacker could exploit this vulnerability to access and modify data on the system.
CVSS Base Score: 5.3
Upgrade to the latest version of Tomcat (7.0.76, 8.0.42, 8.5.12, 9.0.0.M18 or later), available from the Apache Web site
Algo One - Algo Risk Application (ARA) versions 5.1.0, 5.0.0, 4.9.1.
Apache Tomcat is not packaged with Algo One - Algo Risk Application 5.1.0.
Product Name
| iFix Name|Remediation/First Fix
—|—|—
Algo One - ARA| 5.1.0 (no ARA ifix)| If you are using Algo One - Algo Risk Application 5.1.0, update to Apache Tomcat 7.0.77 or greater to address and remediate this vulnerability.
Algo One - ARA| 5.0.0.6-18| http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=5.0.0.6-19-Algo-One-ARA-if0371:0&includeSupersedes=0&source=fc&login=true
Algo One - ARA| 4.9.1.1-24| http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=4.9.1.1-24-Algo-One-ARA-if0052:0&includeSupersedes=0&source=fc&login=true
Algo One - ARA| 4.9.1.0-19| http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=4.9.1.0-19-Algo-One-ARA-if0053:0&includeSupersedes=0&source=fc&login=true