Lucene search

IBM6F77F80EE3AB09F7D1E3FF7C55920CDAC0C2065B8D946835C616112F8BE43DEE

HistoryMay 08, 2023 - 8:35 a.m.

Security Bulletin: Atlas eDiscovery Process Management is affected by a vulnerable org.apache.xerces_2.9.0.v201101211617-4.8.0.jar

2023-05-0808:35:39

www.ibm.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.129 Low

EPSS

Percentile

95.5%

JSON

Summary

Atlas eDiscovery Process Management is affected by a vulnerable org.apache.xerces_2.9.0.v201101211617-4.8.0.jar. Hence org.apache.xerces_2.9.0.v201101211617-4.8.0.jar upgraded to org.apache.xerces_2.12.2.v201101211617-4.8.0.jar to fix vulnerabilities.

Vulnerability Details

CVEID:CVE-2012-0881
**DESCRIPTION:**Apache Xerces2 Java is vulnerable to a denial of service, caused by a flaw in the XML service. By sending a specially crafted message to an XML service, a remote attacker could exploit this vulnerability to consume available CPU resources from the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/134404 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2009-2625
**DESCRIPTION:**Sun Java Runtime Environment (JRE) is vulnerable to a denial of service, caused by an error in Apache Xerces2 Java. A remote attacker could exploit this vulnerability using specially-crafted XML input, to cause the application to enter into an infinite loop and hang.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/53082 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID:CVE-2022-23437
**DESCRIPTION:**Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the XML parser. By persuading a victim to open a specially-crafted XML document payloads, a remote attacker could exploit this vulnerability to consume system resources for prolonged duration.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217982 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
Atlas eDiscovery Process Management	6.0.3

Remediation/Fixes

_ Product_

_ VRMF_

_ Remediation/First Fix_

—|—|—

Atlas eDiscovery Process Management

6.0.3

Apply Fix Pack 6.0.3.9 Interim fix 7, available from Fix Central

Workarounds and Mitigations

None

CPENameOperatorVersion
atlas ediscovery process managementeq6.0.3.9

CPE	Name	Operator	Version
	atlas ediscovery process management	eq	6.0.3.9

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.129 Low

EPSS

Percentile

95.5%

JSON

Related for 6F77F80EE3AB09F7D1E3FF7C55920CDAC0C2065B8D946835C616112F8BE43DEE