Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jan 2016 - Includes Oracle Jan 2016 CPU affect Content Collector for File Systems

Summary

There is vulnerabilities in IBM® SDK Java™ Technology Edition, Java™ Version 6 and Java™ 7 that is used by Content Collector for File Systems.These issues were disclosed as part of the IBM Java SDK updates in January 2016.

Vulnerability Details

CVEID: CVE-2016-0466**
DESCRIPTION:** An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109948 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Affected Products and Versions

Content Collector for File Systems v3.0
Content Collector for File Systems v4.0
Content Collector for File Systems v4.0.1

Remediation/Fixes

Product

| VRM| Remediation
—|—|—
Content Collector for File Systems | 3.0| Use Content Collector for Content Collector for File Systems 4.0.0.3 Interim Fix 005 available at https://www.ibm.com/support/fixcentral/
Content Collector for File Systems | 4.0| Use Content Collector for Content Collector for File Systems 4.0.0.3 Interim Fix 005 available at https://www.ibm.com/support/fixcentral/
Content Collector for File Systems| 4.0.1,
4.0.1.1,
4.0.1.2,
4.0.1.3| Use Content Collector for Content Collector for File Systems 4.0.1.3 Interim Fix 001 available at https://www.ibm.com/support/fixcentral/
Content Collector for File Systems| 4.0.1.4| Use Content Collector for Content Collector for File Systems 4.0.1.4 Interim Fix 001 available at https://www.ibm.com/support/fixcentral/

Workarounds and Mitigations

NA