Security Bulletin: Content Collector for Email - OpenSource Oracle Outside In Technology Vulnerabilities (CVE-2015-4808 CVE-2015-6013 CVE-2015-6014 CVE-2015-6015 CVE-2016-0432)

Summary

OpenSource Oracle Outside In Technology Vulnerabilities

Vulnerability Details

CVEID: CVE-2015-4808**
DESCRIPTION:** An unspecified vulnerability in the Oracle Outside In Technology Outside In Filters component could allow a local or remote attacker to cause a denial of service or possibly execute arbitrary code on the system.
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109802 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVEID: CVE-2015-6013**
DESCRIPTION:** Oracle Outside In Technology Outside In Filters component is vulnerable to a stack-based buffer overflow when handling WK4 files. A local or remote attacker could exploit this vulnerability using a specially crafted file to cause a denial of service and possibly execute arbitrary code on the system.
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109803 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVEID: CVE-2015-6014**
DESCRIPTION:** Oracle Outside In Technology Outside In Filters component is vulnerable to a stack-based buffer overflow when handling doc files. A local or remote attacker could exploit this vulnerability using a specially crafted file to cause a denial of service and possibly execute arbitrary code on the system.
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109804 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVEID: CVE-2015-6015**
DESCRIPTION:** Oracle Outside In Technology Outside In Filters component is vulnerable to a stack-based buffer overflow when handling Paradox DB files. A local or remote attacker could exploit this vulnerability using a specially crafted file to cause a denial of service and possibly execute arbitrary code on the system.
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110005 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVEID: CVE-2016-0432**
DESCRIPTION:** An unspecified vulnerability in the Oracle Outside In Technology Outside In Filters component could allow a local or remote attacker to attacker to cause a denial of service and possibly execute arbitrary code on the system.
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109805 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Effective CVSS Score: (score will update after page submission) 6.80

Affected Products and Versions

Content Collector for Email v4.0
Content Collector for Email v4.0.1

Remediation/Fixes

Product

| VRM| Remediation
—|—|—
Content Collector for Email | 4.0| _Use _Content Collector for Email 4.0 -IF3-IF8 available at https://www-933.ibm.com/support/fixcentral/
Content Collector for Email | 4.0.1| _Use _Content Collector for Email 4.0.1 available at https://www-933.ibm.com/support/fixcentral/

Workarounds and Mitigations

NA