CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
A version of Apache Santuario XML Security for Java shipped with Cúram is vulnerable to a denial of service attack. Customers that use xmlsec.jar to secure web services may be affected.
CVEID: CVE-2013-4517
DESCRIPTION:
Apache Santuario XML Security for Java is vulnerable to a denial of service, caused by an out-of-memory error when Document Type Definitions (DTDs) are allowed. A remote attacker could exploit this vulnerability via XML Signature transforms to cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/89891 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cúram Social Program Management
All products are affected when running code releases 5.0, 5.2, 5.2 SP1, 5.2 SP4, 5.2 SP4 DE, 5.2 SP5, 5.2 SP6, 6.0 SP2, 6.0.3.0, 6.0.4.0, 6.0.4.3, 6.0.4.4, 6.0.4.5, 6.0.5.2, 6.0.5.3, 6.0.5.4.
Product | VRMF | Remediation/First Fix
---|---|---
Cúram SPM | 5.0 | Visit IBM Fix Central and upgrade to EP17
Cúram SPM | 5.2 | Visit IBM Fix Central and upgrade to EP3
Cúram SPM | 5.2 SP1 | Visit IBM Fix Central and upgrade to EP17
Cúram SPM | 5.2 SP4 | Visit IBM Fix Central and upgrade to EP24
Cúram SPM | 5.2 SP4 DE | Visit IBM Fix Central and upgrade to EP11
Cúram SPM | 5.2 SP5 | Visit IBM Fix Central and upgrade to EP4
Cúram SPM | 5.2 SP6 | Visit IBM Fix Central and upgrade to EP5
Cúram SPM | 6.0 SP2 | Visit IBM Fix Central and upgrade to EP24
Cúram SPM | 6.0.3.0 | Visit IBM Fix Central and upgrade to iFix 8
Cúram SPM | 6.0.4.0 | Visit IBM Fix Central and upgrade to iFix 13
Cúram SPM | 6.0.4.3 | Visit IBM Fix Central and upgrade to iFix 9
Cúram SPM | 6.0.4.4 | Visit IBM Fix Central and upgrade to iFix 7
Cúram SPM | 6.0.4.5 | Visit IBM Fix Central and upgrade to iFix 5
Cúram SPM | 6.0.5.2 | Visit IBM Fix Central and upgrade to iFix 9
Cúram SPM | 6.0.5.3 | Visit IBM Fix Central and upgrade to iFix 10
Cúram SPM | 6.0.5.4 | Visit IBM Fix Central and upgrade to iFix 2
None