Lucene search

K
ibmIBMBF4651008A331C7D796A1E09F830D542352CF251871DBEED396D2CE654058F5A
HistoryNov 12, 2018 - 12:55 p.m.

Security Bulletin: Content Collector for Email, File Systems, Microsoft SharePoint and IBM Connections are affected by a publicly disclosed vulnerability found by vFinder: Eclipse Jetty

2018-11-1212:55:02
www.ibm.com
70

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

Summary

Content Collector for Email, File Systems, Microsoft SharePoint and IBM Connections has addressed publicly disclosed vulnerability found by vFinder: Eclipse Jetty.

Vulnerability Details

CVEID:CVE-2018-11776
**DESCRIPTION:*Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by an error when using results with no namespace and its upper action configurations have no wildcard namespace. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148694&gt; for the current score
CVSS Environmental Score
: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

IBM Content Collector for Email - 4.0.1
IBM Content Collector for File Systems - 4.0.1
IBM Content Collector for SharePoint - 4.0.1
IBM Content Collector for IBM Connections - 4.0.1

Remediation/Fixes

Product VRM Remediation
IBM Content Collector for Email 4.0.1

Use IBM Content Collector for Email 4.0.1.5 Interim Fix 003

Use IBM Content Collector for Email 4.0.1.6 Interim Fix 002

Use IBM Content Collector for Email 4.0.1.7 Interim Fix 001

Use IBM Content Collector for Email 4.0.1.8 Interim Fix 007

IBM Content Collector for File Systems | 4.0.1 |

Use IBM Content Collector for File Systems 4.0.1.5 Interim Fix 003

Use IBM Content Collector for File Systems 4.0.1.6 Interim Fix 002

Use IBM Content Collector for File Systems 4.0.1.7 Interim Fix 001

Use IBM Content Collector for File Systems 4.0.1.8 Interim Fix 007

IBM Content Collector for SharePoint | 4.0.1 |

Use IBM Content Collector for SharePoint 4.0.1.5 Interim Fix 003

Use IBM Content Collector for SharePoint 4.0.1.6 Interim Fix 002

Use IBM Content Collector for SharePoint 4.0.1.7 Interim Fix 001

Use IBM Content Collector for SharePoint 4.0.1.8 Interim Fix 007

IBM Content Collector for IBM Connections | 4.0.1 |

Use IBM Content Collector IBM Connections 4.0.1.5 Interim Fix 003

Use IBM Content Collector IBM Connections 4.0.1.6 Interim Fix 002

Use IBM Content Collector IBM Connections 4.0.1.7 Interim Fix 001

Use IBM Content Collector IBM Connections 4.0.1.8 Interim Fix 007

Workarounds and Mitigations

None

CPENameOperatorVersion
content collectoreq4.0

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

Related for BF4651008A331C7D796A1E09F830D542352CF251871DBEED396D2CE654058F5A