Lucene search

K
ibmIBM1DF411F3EAB6CE51C43D788D0B6D2A129F41EF7ED55CA86EAB12ECBBF0E597DA
HistoryJun 17, 2018 - 11:42 a.m.

Security Bulletin: Vulnerability in IBM Content Classification (CVE-2013-5879, CVE-2014-0411)

2018-06-1711:42:17
www.ibm.com
10

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

Summary

CVE-2013-5879 Oracle Outside In Technology Outside In Maintenance unauthorized access

CVE-2014-0411 A vulnerability exists in IBM SDK Java™ Technology Edition Version 6 that is shipped with IBM Content Classification. It is related to the Java™ Secure Socket Extension component.

Vulnerability Details

CVE-2013-5879

DESCRIPTION
An unspecified vulnerability in Oracle Outside In Technology related to the Outside In Maintenance component could allow a local attacker to cause a denial of service or possibly be used by a remote attacker to execute code on server installations.

CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/90282 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2014-0411
DESCRIPTION
Timing differences based on the validity of messages can be exploited to decrypt the
entire session. The exploit is not trivial, requiring a man-in-the-middle position and a
long time (around 20 hours). The fix eliminates the timing differences.

CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/90357&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

Affected Products and Versions

IBM Content Classification 8.8

IBM InfoSphere Classification Module 8.7

Remediation/Fixes

For Content Classification 8.8 download Fix Pack 1 from Fix Central. For instructions, see:
IBM Content Classification Version 8.8 Fix Pack 1

For IBM InfoSphere Classification Module 8.7 download iFix 3 from Fix Central. For instructions see:
IBM InfoSphere Classification Module Version 8.7 Interim Fix 3

Workarounds and Mitigations

None

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

Related for 1DF411F3EAB6CE51C43D788D0B6D2A129F41EF7ED55CA86EAB12ECBBF0E597DA