Lucene search

K
ibmIBM14D5845326705FBAAD23A23263B727D1734C312F54ACC3B31B0CD4B44040B7F7
HistoryOct 20, 2022 - 11:30 a.m.

Security Bulletin: Vulnerability found in Apache Xalan Java XSLT library may affect IBM Enterprise Records

2022-10-2011:30:21
www.ibm.com
18

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.002 Low

EPSS

Percentile

53.3%

Summary

IBM Enterprise Records may be affected by vulnerability found in Apache Xalan Java XSLT library.

Vulnerability Details

CVEID:CVE-2022-34169
**DESCRIPTION:**The Apache Xalan Java XSLT library could allow a remote attacker to execute arbitrary code on the system, caused by an integer truncation issue when processing malicious XSLT stylesheets. By using specially crafted XSLT stylesheets, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/231488 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Enterprise Records 5.2.x

Remediation/Fixes

Product VRM Remediation
IBM Enterprise Records 5.2.1

Use IBM Enterprise Records 5.2.1.8 IF002

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmenterprise_recordsMatch5.2.1
CPENameOperatorVersion
enterprise recordseq5.2.1

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.002 Low

EPSS

Percentile

53.3%