Security Bulletin: Vulnerability in Apache PDFBox Affects IBM Control Center (CVE-2019-0228)

Summary

Vulnerability in Apache PDFBox Affects IBM Control Center (CVE-2019-0228)

Vulnerability Details

CVEID:CVE-2019-0228
**DESCRIPTION:**Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/160868 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

Affected Products and Versions

Remediation/Fixes

Product|VRMF|iFix|

Remediation

—|—|—|—
IBM Control Center| 6.1.2.1| iFix02|

Fix Central - 6.1.2.1

Workarounds and Mitigations

None