7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
A vulnerability in XStream was addressed by IBM InfoSphere Information Governance Catalog, IBM InfoSphere Information Server Business Glossary, and IBM InfoSphere Information Server Business Glossary Client for Eclipse.
CVEID: CVE-2017-7957 DESCRIPTION: XStream is vulnerable to a denial of service, caused by the improper handling of attempts to create an instance of the primitive type โvoidโ during unmarshalling. A remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/125800 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
The following product, running on all supported platforms, is affected:
IBM InfoSphere Information Governance Catalog: versions 9.1, 11.3, and 11.5
IBM InfoSphere Information Server Business Glossary Client for Eclipse: versions 11.3, and 11.5
IBM InfoSphere Information Server Business Glossary 9.1
IBM InfoSphere Information Server on Cloud version 11.5
Product
| VRMF|APAR|Remediation/First Fix
โ|โ|โ|โ
InfoSphere Information Governance Catalog, Business Glossary Client for Eclipse, Information Server on Cloud| 11.5| JR57991| --Apply InfoSphere Information Server version 11.5.0.2
--Apply InfoSphere Information Server 11.5 Service Pack 2
InfoSphere Information Governance Catalog, Business Glossary Client for Eclipse| 11.3| JR57991| --Apply InfoSphere Information Server version _11.3.1.2 _
--Apply InfoSphere Information Governance Catalog Security patch
InfoSphere Business Glossary| 9.1| JR57991| --Apply InfoSphere Business Glossary Security patch
Contact Technical Support:
In the United States and Canada dial 1-800-IBM-SERV
View the support contacts for other countries outside of the United States.
Electronically open a Service Request with Information Server Technical Support.
None
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P