IBM Security Bulletin: IBM Tivoli Netcool Configuration Manager, Open Source Apache Xalan-Java vulnerability (CVE-2014-0107)
IBM PSIRT 270004PFE3 firstname.lastname@example.org | | Tags:  psirtmedium psirttivoli
0 Comments | 748 Visits
Apache Xalan-Java is included as separate JAR files for the compliance component which could allow a remote attacker to bypass security restrictions. An attacker could exploit this vulnerability to bypass the secure processing feature to load arbitrary restricted classes.
· Affected releases/versions/platforms: 6.2.x, 6.3.x, 6.4.x