History: Jun 17, 2018 - 12:15 p.m.

Security Bulletin: A Vulnerability in IBM Java SDK affects eDiscovery Analyzer (CVE-2015-4872)

2018-06-17 12:15:49
www.ibm.com

CVSS2: 5 Medium

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

Summary

A vulnerability exists in IBM Runtime Environment Java Technology Edition, Version 6, which is used by eDiscovery Analyzer. This issue was disclosed as part of the IBM Java SDK updates for October 2015.

Vulnerability Details

CVEID: CVE-2015-4872

DESCRIPTION: An unspecified vulnerability related to the Security component has no confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107361 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

Affected Products and Versions

IBM eDiscovery Analyzer 2.2
IBM eDiscovery Analyzer 2.2.1
IBM eDiscovery Analyzer 2.2.2

Remediation/Fixes

| Product | VRMF | APAR | Remediation/First Fix |
|---|---|---|---|
| IBM eDiscovery Manager | 2.2 | None | See workaround |
| IBM eDiscovery Manager | 2.2.1 | None | See workaround |
| IBM eDiscovery Manager | 2.2.2 | None | http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=Enterprise%2BContent%2BManagement&product=ibm/Information+Management/InfoSphere+eDiscovery+Analyzer&release=2.2.2.2&platform=All&function=fixId&fixids=2.2.2.2-EDA-AIX-IF0003&includeRequisites=1&includeSupersedes=0&downloadMethod=http and http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=Enterprise%2BContent%2BManagement&product=ibm/Information+Management/InfoSphere+eDiscovery+Analyzer&release=2.2.2.2&platform=All&function=fixId&fixids=2.2.2.2-EDA-WIN-IF0003&includeRequisites=1&includeSupersedes=0&downloadMethod=http |

Workarounds and Mitigations

The mitigation is to upgrade to the fixed stream: 2.2.2.
Please refer to http://www.ibm.com/support/knowledgecenter/en/SSJKLP_2.2.2/com.ibm.eda.doc/edain001.html
