Lucene search

K
ibmIBM85F3575108B28F994EC929109C85FE5F69A208C2D92E99C8F3925B2E33FBBA31
HistoryAug 30, 2019 - 7:48 a.m.

Security Bulletin:IBM SDK, Java Technology Edition Quarterly CPU - Apr 2016 - Includes Oracle Apr 2016 affect IBM Content Collector for File Systems

2019-08-3007:48:35
www.ibm.com
8

5.6 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

89.7%

Summary

There is vulnerability in IBM® Runtime Environment Java™ Version 6 and Java™ Version 7 that is used by Content Collector for File Systems. This issue was disclosed as part of the IBM Java SDK updates in April 2016.

Vulnerability Details

CVEID:CVE-2016-0264
**DESCRIPTION:*A buffer overflow vulnerability in the IBM JVM facilitates arbitrary code execution under certain limited circumstances.
CVSS Base Score: 5.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110867&gt; for the current score
CVSS Environmental Score
: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

IBM Content Collector for File Systems v3.0
IBM Content Collector for File Systems v4.0
IBM Content Collector for File Systems v4.0.1

Remediation/Fixes

Product

| VRM| Remediation
—|—|—
IBM Content Collector for File Systems| 3.0| Use Content Collector for IBM Content Collector for File Systems 4.0.0.3 Interim Fix 005 available at https://www.ibm.com/support/fixcentral/
IBM Content Collector for File Systems| 4.0| Use Content Collector for IBM Content Collector for File Systems 4.0.0.3 Interim Fix 005 available at https://www.ibm.com/support/fixcentral/
IBM Content Collector for File Systems| 4.0.1,
4.0.1.1,
4.0.1.2,
4.0.1.3| Use Content Collector for IBM Content Collector for File Systems 4.0.1.3 Interim Fix 001 available at https://www.ibm.com/support/fixcentral/
IBM Content Collector for File Systems| 4.0.1.4| Use Content Collector for IBM Content Collector for File Systems 4.0.1.4 Interim Fix 001 available at https://www.ibm.com/support/fixcentral/

Workarounds and Mitigations

NA

CPENameOperatorVersion
content collectoreq4.0.1

5.6 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

89.7%

Related for 85F3575108B28F994EC929109C85FE5F69A208C2D92E99C8F3925B2E33FBBA31