Lucene search

K
ibmIBM77CE729955C639856E4B82368F1A80123E289EE9ADBA4B2D00CD85052FAB5820
HistoryJun 17, 2018 - 12:18 p.m.

Security Bulletin: IBM Content Classification is affected by an Open Source Eclipse Jetty Vulnerabilities

2018-06-1712:18:37
www.ibm.com
5

EPSS

0.003

Percentile

69.6%

Summary

IBM Content Classification has addressed the following vulnerability. Jetty could allow a remote attacker to obtain sensitive information, caused by a timing channel flaw in util/security/Password.java. By observing elapsed times before rejection of incorrect passwords, an attacker could exploit this vulnerability to obtain access information.

Vulnerability Details

CVEID:CVE-2017-9735**
DESCRIPTION: *Jetty could allow a remote attacker to obtain sensitive information, caused by a timing channel flaw in util/security/Password.java. By observing elapsed times before rejection of incorrect passwords, an attacker could exploit this vulnerability to obtain access information.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/127842 for the current score
CVSS Environmental Score
: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

IBM Content Classification v8.8

Remediation/Fixes

Product

| VRM|Remediation
—|—|—
IBM Content Classification| 8.8| Use IBM Content Classification 8.8 Interim Fix 0009

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm content classificationeq8.8

EPSS

0.003

Percentile

69.6%