5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
A vulnerability exists in IBM Runtime Environment Java Technology Edition, Version 6 that is used by eDiscovery Analyzer. These issues were disclosed as part of the IBM Java SDK updates for October 2015.
CVEID: CVE-2015-4872
DESCRIPTION: An unspecified vulnerability related to the Security component has no confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107361 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
IBM eDiscovery Analyzer 2.2
IBM eDiscovery Analyzer 2.2.1
IBM eDiscovery Analyzer 2.2.2
Product
|
VRMF|
APAR|
Remediation/First Fix
—|—|—|—
IBM ediscovry manager|
2.2|
None|
see work around
IBM ediscovry manager|
2.2.1|
None|
see work around
IBM ediscovry manager|
2.2.2|
None| http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=Enterprise%2BContent%2BManagement&product=ibm/Information+Management/InfoSphere+eDiscovery+Analyzer&release=2.2.2.2&platform=All&function=fixId&fixids=2.2.2.2-EDA-AIX-IF0003&includeRequisites=1&includeSupersedes=0&downloadMethod=http
and
http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=Enterprise%2BContent%2BManagement&product=ibm/Information+Management/InfoSphere+eDiscovery+Analyzer&release=2.2.2.2&platform=All&function=fixId&fixids=2.2.2.2-EDA-WIN-IF0003&includeRequisites=1&includeSupersedes=0&downloadMethod=http
Mitigation is to upgrade to fixed stream: 2.2.2.
Please refer to http://www.ibm.com/support/knowledgecenter/en/SSJKLP_2.2.2/com.ibm.eda.doc/edain001.html
CPE | Name | Operator | Version |
---|---|---|---|
ediscovery analyzer | eq | 2.2.2 | |
ediscovery analyzer | eq | 2.2.1 | |
ediscovery analyzer | eq | 2.2.0.0 |