Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jan 2016 - Includes Oracle Jan 2016 CPU affect Content Collector for IBM Connections

Summary

There is vulnerabilitity in IBM® SDK Java™ Technology Edition, Java™ Version 6 and Java™ Version 7 that is used by Content Collector for IBM Connections.This issue was disclosed as part of the IBM Java SDK updates in January 2016.

Vulnerability Details

CVEID: CVE-2016-0466**
DESCRIPTION:** An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109948 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Affected Products and Versions

Content Collector for IBM Connections v3.0
Content Collector for IBM Connections v4.0
Content Collector for IBM Connections v4.0.1

Remediation/Fixes

Product

| VRM| Remediation
—|—|—
_Content Collector for __IBM _Connections| 3.0| Use Content Collector for Content Collector for IBM Connections 4.0.0.3 Interim Fix 005 available at https://www.ibm.com/support/fixcentral/
_Content Collector for __IBM _Connections| 4.0| Use Content Collector for Content Collector for IBM Connections 4.0.0.3 Interim Fix 005 available at https://www.ibm.com/support/fixcentral/
_Content Collector for __IBM _Connections| 4.0.1,
4.0.1.1,
4.0.1.2,
4.0.1.3| Use Content Collector for Content Collector for IBM Connections 4.0.1.3 Interim Fix 001 available at https://www.ibm.com/support/fixcentral/
Content Collector for IBM Connections| 4.0.1.4| Use Content Collector for Content Collector for IBM Connections 4.0.1.4 Interim Fix 001 available at https://www.ibm.com/support/fixcentral/

Workarounds and Mitigations

NA