Lucene search

K
ibmIBM8D57B207EF797507DB54C94949AC945BC3BC51DC9A1FFEB48E699F21910C68F2
HistoryJun 17, 2018 - 10:33 p.m.

Security Bulletin: IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise edition are affected by James Clark Expat Vulnerabilities

2018-06-1722:33:38
www.ibm.com
14

0.005 Low

EPSS

Percentile

76.9%

Summary

IBM Cloud Orchestrator has addressed the following vulnerabilities.

Vulnerability Details

CVEID: CVE-2013-0340**
DESCRIPTION:** expat is vulnerable to a denial of service, caused by the improper handling of internal entity expansion. By persuading a victim to open a specially crafted XML document, an attacker could exploit this vulnerability to consume all available resources.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132738 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVEID: CVE-2013-0341**
DESCRIPTION:** expat is vulnerable to a denial of service, caused by the improper handling of external entity expansion. By persuading a victim to open a specially crafted XML document, an attacker could exploit this vulnerability to consume all available resources.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132741 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Affected Products and Versions

Affected IBM Cloud Orchestrator

|

Affected Versions

—|—
IBM Cloud Orchestrator| 2.5
IBM Cloud Orchestrator| 2.4
br>
br>

Remediation/Fixes

Fix delivery details for IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition:

Product VRMF Remediation/First Fix
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise V2.5, V2.5.0.1 IFix1, V2.5.0.2, V2.5.0.3, V2.5.0.4, V2.5.0.5 For 2.5 versions, upgrade to Fix Pack 6 (2.5.0.6) of IBM Cloud Orchestrator.
<http://www-01.ibm.com/support/docview.wss?uid=swg2C4000066&gt;
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise V2.4, V2.4.0.1, V2.4.0.2, V2.4.0.3, V2.4.0.4 For 2.4 versions, IBM recommends upgrading to Fix Pack 5 (2.4.0.5) of IBM Cloud Orchestrator.
<http://www-01.ibm.com/support/docview.wss?uid=swg2C4000063&gt;
br>
br>

Workarounds and Mitigations

None

0.005 Low

EPSS

Percentile

76.9%