Oct 18, 2019 - 3:10 a.m.

Security Bulletin: Vulnerabilities in Open Source James Clark Expat affect IBM Netezza Analytics

2019-10-18 03:10:29
www.ibm.com

CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Summary

Open Source James Clark Expat is consumed by IBM Netezza Analytics and is vulnerable to denial of service. IBM Netezza Analytics has addressed the applicable CVEs.

Vulnerability Details

CVEID: CVE-2013-0340
DESCRIPTION: Expat is vulnerable to a denial of service, caused by the improper handling of internal entity expansion. By persuading a victim to open a specially crafted XML document, an attacker could exploit this vulnerability to consume all available resources.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/132738> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVEID: CVE-2013-0341
DESCRIPTION: Expat is vulnerable to a denial of service, caused by the improper handling of external entity expansion. By persuading a victim to open a specially crafted XML document, an attacker could exploit this vulnerability to consume all available resources.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/132741> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Affected Products and Versions

  • IBM Netezza Analytics 1.2.1 - 3.2.1

Remediation/Fixes

Product | VRMF | Remediation/First Fix
IBM Netezza Analytics | 3.2.2 | Link to Fix Central

Workarounds and Mitigations

None

CPE Name Operator Version
ibm puredata system eq 1.0.0
