Lucene search

IBM55283B08D88C232381BB1E9484F194601EF856C8DCA2C424DC5AB95FB216AC5F

HistorySep 29, 2022 - 1:07 p.m.

Security Bulletin: Multiple Vulnerabilities may affect Apache Ant used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

2022-09-2913:07:02

www.ibm.com

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

42.6%

JSON

Summary

Multiple Vulnerabilities found in Apache Ant used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Vulnerability Details

CVEID:CVE-2021-36373
**DESCRIPTION:**Apache Ant is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/205311 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2021-36374
**DESCRIPTION:**Apache Ant is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By persuading a victim to open a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/205314 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
Content Collector for Email	4.0.x
Content Collector for File Systems	4.0.x
Content Collector for Microsoft SharePoint	4.0.x
Content Collector for IBM Connections	4.0.x

Remediation/Fixes

Product	VRM	Remediation
Content Collector for Email	4.0.1	Use Content Collector for Email 4.0.1.15-IBM-ICC-IF001
Content Collector for File Systems	4.0.1	Use Content Collector for File Systems 4.0.1.15-IBM-ICC-IF001
Content Collector for Microsoft SharePoint	4.0.1	Use Content Collector for Microsoft SharePoint 4.0.1.15-IBM-ICC-IF001
Content Collector for IBM Connections	4.0.1	Use Content Collector for IBM Connections 4.0.1.15-IBM-ICC-IF001

Workarounds and Mitigations

None

CPENameOperatorVersion
content collectoreq4.0.1

CPE	Name	Operator	Version
	content collector	eq	4.0.1

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

42.6%

JSON

Related for 55283B08D88C232381BB1E9484F194601EF856C8DCA2C424DC5AB95FB216AC5F