History: Jun 16, 2018, 1:48 p.m.

Security Bulletin: A vulnerability in XStream affects IBM InfoSphere Information Governance components

2018-06-16 13:48:38
www.ibm.com

CVSS v3 base score: 7.5 (High). This is the score carried by the aggregator page; IBM's own assessment in the Vulnerability Details below is 5.3, with Availability Impact rated Low rather than High.
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2 base score: 5.0 (Medium)
Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: Partial
AV:N/AC:L/Au:N/C:N/I:N/A:P

Summary

A vulnerability in XStream was addressed by IBM InfoSphere Information Governance Catalog, IBM InfoSphere Information Server Business Glossary, and IBM InfoSphere Information Server Business Glossary Client for Eclipse.

Vulnerability Details

CVE ID: CVE-2017-7957
DESCRIPTION: XStream is vulnerable to a denial of service, caused by the improper handling of attempts to create an instance of the primitive type 'void' during unmarshalling. A remote attacker who can supply XML that the application unmarshals could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/125800 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
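The bulletin lists no workaround for the IBM products themselves, but teams that embed XStream in their own services can close the same gap with XStream's type-permission framework. The following is an added example and is not IBM's or the XStream project's code. It assumes XStream 1.4.7 or later (the release that introduced the security framework), a hypothetical application class GlossaryTerm standing in for whatever types the deployment legitimately exchanges, and hypothetical helper names HardenedXStream and parseUntrusted. It shows the allow-list configuration, the explicit deny of void that the XStream project published as the workaround for 1.4.9 and earlier, and what happens when a constructed payload of the shape the CVE describes, <void/>, is fed to the hardened instance.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.ForbiddenClassException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

/**
 * Added example (not IBM's or XStream's code): an XStream instance locked down with the
 * XStream security framework so that the CVE-2017-7957 payload is refused by the type
 * permission check before XStream ever tries to instantiate the "void" type.
 */
public class HardenedXStream {

    /** Hypothetical application type; stands in for whatever the deployment really exchanges. */
    public static final class GlossaryTerm {
        public String name;
        public String description;
    }

    /** Builds an XStream instance that refuses every type except an explicit allow-list. */
    public static XStream build() {
        XStream xstream = new XStream();
        xstream.alias("term", GlossaryTerm.class);

        // Start from deny-all, then re-allow only what the application needs.
        xstream.addPermission(NoTypePermission.NONE);
        xstream.addPermission(NullPermission.NULL);
        // PRIMITIVES covers int, boolean, ... and their boxed forms. In XStream 1.4.9 and earlier it
        // also matched the pseudo-primitive "void", which is exactly the gap CVE-2017-7957 abuses.
        xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
        xstream.allowTypes(new Class<?>[] { String.class, GlossaryTerm.class });

        // Workaround the XStream project published for 1.4.9 and earlier: deny void explicitly.
        // A deny rule throws ForbiddenClassException as soon as it matches, and XStream consults the
        // most recently added permission first, so it is registered after the allow rules.
        xstream.denyTypes(new Class<?>[] { void.class, Void.class });
        return xstream;
    }

    /** Unmarshals untrusted XML; returns null if the security framework rejected a type in it. */
    public static Object parseUntrusted(XStream xstream, String xml) {
        try {
            return xstream.fromXML(xml);
        } catch (ForbiddenClassException e) {
            // Log and drop the message instead of letting the exception take the worker thread down.
            System.err.println("rejected forbidden type: " + e.getMessage());
            return null;
        }
    }

    public static void main(String[] args) {
        XStream xstream = build();

        // Constructed payload of the shape CVE-2017-7957 describes: an element naming the primitive
        // type void. Against an unhardened XStream 1.4.9 this is the crash trigger; here it is refused.
        String voidPayload = "<void/>";
        System.out.println("void payload parsed as: " + parseUntrusted(xstream, voidPayload));

        // A legitimate document still round-trips through the same instance.
        GlossaryTerm term = new GlossaryTerm();
        term.name = "Customer";
        term.description = "A party that purchases goods or services";
        String legit = xstream.toXML(term);
        GlossaryTerm back = (GlossaryTerm) parseUntrusted(xstream, legit);
        System.out.println("round-tripped term: " + back.name);
    }
}
```

The explicit denyTypes call is the part that matters for this CVE on 1.4.9 and earlier: an allow-list built on PrimitiveTypePermission alone still lets "void" through, so the deny must be stated separately. On XStream 1.4.10 and later, where the project fixed this issue, the extra deny is harmless and the allow-list remains the right baseline against the deserialization issues XStream has had since.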

Affected Products and Versions

The following products, running on all supported platforms, are affected:
IBM InfoSphere Information Governance Catalog: versions 9.1, 11.3, and 11.5
IBM InfoSphere Information Server Business Glossary Client for Eclipse: versions 11.3 and 11.5
IBM InfoSphere Information Server Business Glossary: version 9.1
IBM InfoSphere Information Server on Cloud: version 11.5

Remediation/Fixes

Product | VRMF | APAR | Remediation/First Fix
--- | --- | --- | ---
InfoSphere Information Governance Catalog, Business Glossary Client for Eclipse, Information Server on Cloud | 11.5 | JR57991 | Apply InfoSphere Information Server version 11.5.0.2, then apply InfoSphere Information Server 11.5 Service Pack 2
InfoSphere Information Governance Catalog, Business Glossary Client for Eclipse | 11.3 | JR57991 | Apply InfoSphere Information Server version 11.3.1.2, then apply the InfoSphere Information Governance Catalog Security patch
InfoSphere Business Glossary | 9.1 | JR57991 | Apply the InfoSphere Business Glossary Security patch

Contact Technical Support:
In the United States and Canada dial 1-800-IBM-SERV
View the support contacts for other countries outside of the United States.
Electronically open a Service Request with Information Server Technical Support.

Workarounds and Mitigations

None
