Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMC2EB2F0822ED669C33500FC32C03E75432DFA2D283EA367383B6D1782C043C6D
HistoryJun 17, 2018 - 12:07 p.m.

Security Bulletin: IBM FileNet Business Process Framework is affected by a vulnerability in Apache Xalan-Java (CVE-2014-0107)

2018-06-1712:07:46
www.ibm.com
4

EPSS

0.005

Percentile

77.5%

JSON

Summary

Open Source Apache Xalan-Java could allow a remote attacker to bypass security restrictions.

Vulnerability Details

CVE ID: CVE–2014-0107

**Description:**Apache Xalan-Java could allow a remote attacker to bypass security restrictions, caused by the improper handling of output properties. An attacker could exploit this vulnerability to bypass the secure processing feature to load arbitrary restricted classes.

CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92023&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

Affected Products and Versions

IBM FileNet Business Process Framework Version 4.1.0.x

Remediation/Fixes

The fix is included in Interim Fix 2 for IBM FileNet Business Process Framework 4.1.0.10. To apply the fix, you must upgrade to 4.1 Fix Pack 10 first, then download and install the Interim Fix 4.1.0.10-P8BPF-IF002. Please note that Interim Fix 2 also includes all fixes available in Interim Fix 1. The Fix Pack and Interim Fix are available from IBM Fix Central site (<http://ibm.com/support/fixcentral/&gt;)

Workarounds and Mitigations

None known, apply fixes.

Related

ubuntucve 1
nessus 17
veracode 1
securityvulns 5
ibm 19
fedora 2
openvas 19
debian 1
cvelist 1
nvd 1
redhat 16
prion 1
gentoo 1
oraclelinux 1
github 1
debiancve 1
seebug 2
amazon 1
osv 2
suse 1
f5 2
centos 1
mageia 1
cve 1
ubuntu 1
attackerkb 1
oracle 3
ubuntucve
ubuntucve
CVE-2014-0107
2014-04-15 00:00:00
nessus
nessus
RHEL 5 / 6 : xalan-j2 (RHSA-2014:0348)
2014-04-02 00:00:00
SuSE 11.3 Security Update : xalan-j2 (SAT Patch Number 9426)
2014-07-05 00:00:00
Oracle Linux 5 / 6 : xalan-j2 (ELSA-2014-0348)
2014-04-02 00:00:00
veracode
veracode
Apache Xalan Remote Code Execution
2019-01-15 08:52:31
securityvulns
securityvulns
[oCERT-2014-002] Xalan-Java insufficient secure processing
2014-03-27 00:00:00
[USN-2218-1] Xalan-Java vulnerability
2014-06-14 00:00:00
[SECURITY] [DSA 2886-1] libxalan2-java security update
2014-03-27 00:00:00
ibm
ibm
Security Bulletin: A vulnerability exists in Apache Xalan-Java prior to 2.7.2 as used in IBM Sterling Control Center 5.2 (CVE-2014-0107)
2019-12-17 22:47:42
Security Bulletin: Security exposure in IBM Cognos Incentive Compensation Management (CVE-2014-0107)
2018-06-15 22:31:28
Security Bulletin: A vulnerability exists in Apache Xalan-Java prior to 2.7.2 as used in IBM QRadar SIEM 7.1 MR2, and 7.2 MR2. (CVE-2014-0107)
2018-06-16 21:18:17
fedora
fedora
[SECURITY] Fedora 20 Update: xalan-j2-2.7.1-22.fc20
2014-04-05 04:56:01
[SECURITY] Fedora 19 Update: xalan-j2-2.7.1-22.fc19
2014-04-05 04:53:40
openvas
openvas
Fedora Update for xalan-j2 FEDORA-2014-4426
2014-04-08 00:00:00
Oracle: Security Advisory (ELSA-2014-0348)
2015-10-06 00:00:00
SUSE: Security Advisory for xalan-j2 (SUSE-SU-2014:0870-1)
2015-10-13 00:00:00
debian
debian
[SECURITY] [DSA 2886-1] libxalan2-java security update
2014-03-26 20:21:08
cvelist
cvelist
CVE-2014-0107
2014-04-15 17:00:00
nvd
nvd
CVE-2014-0107
2014-04-15 23:13:13
redhat
redhat
(RHSA-2014:0591) Important: Red Hat JBoss Enterprise Application Platform 5.2.0 security update
2014-06-02 00:00:00
(RHSA-2014:0590) Important: Red Hat JBoss Enterprise Application Platform 5.2.0 security update
2014-06-02 13:57:05
(RHSA-2014:0453) Important: Red Hat JBoss Enterprise Application Platform 6.2.2 security update
2014-04-30 00:00:00
prion
prion
Design/Logic Flaw
2014-04-15 23:13:00
gentoo
gentoo
Xalan-Java: Arbitrary code execution
2016-04-02 00:00:00
oraclelinux
oraclelinux
xalan-j2 security update
2014-04-01 00:00:00
github
github
Improper Authorization in Apache Xalan-Java
2022-05-13 01:05:38
debiancve
debiancve
CVE-2014-0107
2014-04-15 23:13:13
seebug
seebug
Apache Xalan-Java FEATURE_SECURE_PROCESSIN属性处理安全绕过漏洞
2014-03-27 00:00:00
Apache Xalan-Java Library安全绕过漏洞
2014-04-03 00:00:00
amazon
amazon
Important: xalan-j2
2014-04-17 23:50:00
osv
osv
xalan-j2-2.7.2-5.4 on GA media
2024-06-15 00:00:00
Improper Authorization in Apache Xalan-Java
2022-05-13 01:05:38
suse
suse
Security update for xalan-j2 (important)
2014-07-04 21:04:15
f5
f5
SOL15595 - Apache Xalan-Java vulnerability CVE-2014-0107
2014-09-15 00:00:00
K15595 : Apache Xalan-Java vulnerability CVE-2014-0107
2014-09-15 00:00:00
centos
centos
xalan security update
2014-04-02 12:17:13
mageia
mageia
Updated xalan-j2 packages fix CVE-2014-0107
2014-04-03 04:50:42
cve
cve
CVE-2014-0107
2014-04-15 23:13:13
ubuntu
ubuntu
Xalan-Java vulnerability
2014-05-21 00:00:00
attackerkb
attackerkb
CVE-2022-47966
2023-01-18 00:00:00
oracle
oracle
Oracle Critical Patch Update - January 2016
2016-01-19 00:00:00
Oracle Critical Patch Update Advisory - April 2019
2019-04-16 00:00:00
Oracle Critical Patch Update - October 2017
2017-10-17 00:00:00

EPSS

0.005

Percentile

77.5%

JSON
Related for C2EB2F0822ED669C33500FC32C03E75432DFA2D283EA367383B6D1782C043C6D
ubuntucve1nessus17veracode1securityvulns5ibm19fedora2openvas19debian1cvelist1nvd1redhat16prion1gentoo1oraclelinux1github1debiancve1seebug2amazon1osv2suse1f52centos1mageia1cve1ubuntu1attackerkb1oracle3