7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
IBM Sterling Control Center 5.2 utilizes Apache Xalan-Java that contains a vulnerability.
CVE-ID:_ _CVE-2014-0107
DESCRIPTION: Apache Xalan-Java could allow a remote attacker to bypass security restrictions, caused by the improper handling of output properties. An attacker could exploit this vulnerability to bypass the secure processing feature to load arbitrary restricted classes.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/92023 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
This only affects IBM Sterling Control Center 5.2.01 through 5.2.11.
Product Name
| VRMF|APAR|How to acquire fix
—|—|—|—
Sterling Control Center| 5.2.12| N/A| Download and apply fix from IWM
To acquire the fix please login to IWM
For FAQs on downloading an iFix from the IWM site, see the following documentation: _
_https://www14.software.ibm.com/iwm/web/download_en_US.shtml
None.
CPE | Name | Operator | Version |
---|---|---|---|
ibm control center | eq | 5.2 |