History: Jun 16, 2018 - 2:07 p.m.

Security Bulletin: Multiple IBM InfoSphere Information Server components are affected by a vulnerability in the XML4C parser (CVE-2014-8901)

2018-06-16 14:07:35
www.ibm.com
CVSS2: 4 Medium

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Summary

Multiple components of IBM InfoSphere Information Server may be affected by a denial of service attack triggered by a specially crafted XML document being parsed by the XML4C parser.

Vulnerability Details

CVEID: CVE-2014-8901

DESCRIPTION: IBM XML4J and XML4C contain a denial of service vulnerability when an authenticated user issues a specially crafted SQL query. This would cause the CPU to consume 100% of available resources and create serious performance degradation to the system.

CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/99110 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Affected Products and Versions

The following product, running on all supported platforms, is affected:
IBM InfoSphere Information Server: versions 8.1 to 11.3

Remediation/Fixes

Product | VRMF | APAR | Remediation/First Fix
---|---|---|---
InfoSphere Information Server ASB Packs and Connectors | 11.3 | JR52176 | --Apply IBM InfoSphere Information Server version 11.3.1.1
InfoSphere Information Server ASB Packs and Connectors | 9.1 | JR52176 | --Apply IBM InfoSphere Information Server version 9.1.2.0; --Apply IBM InfoSphere Information Server JR52176
InfoSphere Information Server ASB Packs and Connectors | 8.7 | JR52176 | --Apply IBM InfoSphere Information Server version 8.7 Fix Pack 2; --Apply IBM InfoSphere Information Server JR52176
InfoSphere Information Server ASB Packs and Connectors | 8.5 | JR52176 | --Apply IBM InfoSphere Information Server version 8.5 Fix Pack 3; --Apply IBM InfoSphere Information Server JR52176
InfoSphere Information Server ASB Packs and Connectors | 8.1 | JR52176 | Contact IBM customer support.

Note: The same fix may be listed under multiple vulnerabilities. Installing the fix addresses all vulnerabilities to which the fix applies. Also, some fixes require installing both a fix pack and a subsequent patch. While the fix pack must be installed first, any additional patches required may be installed in any order.

Workarounds and Mitigations

None
