Mar 03, 2023 - 5:55 a.m.

Security Bulletin: IBM Spectrum Control is vulnerable to weakness related to dom4j

2023-03-03 05:55:34
www.ibm.com
Tags: ibm spectrum control, dom4j, code execution, vulnerability, remote attacker, arbitrary code, input validation

CVSS2: 5
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3: 7.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score: 7.8
Confidence: High

EPSS: 0.003
Percentile: 70.9%

Summary

A vulnerability in dom4j that allows a remote attacker to execute arbitrary code on the system may affect IBM Spectrum Control.

Vulnerability Details

**CVEID:** CVE-2018-1000632
**DESCRIPTION:** dom4j could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation in multiple methods. By sending specially crafted XML content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/148750 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Spectrum Control | 5.4 |

Remediation/Fixes

| Release | First Fixing VRM Level | Link to Fix |
| --- | --- | --- |
| 5.4 | 5.4.10 | https://www.ibm.com/support/pages/latest-downloads-ibm-spectrum-control |

Workarounds and Mitigations

None

Affected configurations

Node: ibm spectrum_control, Match 5.4

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| ibm | spectrum_control | 5.4 | cpe:2.3:a:ibm:spectrum_control:5.4:*:*:*:*:*:*:* |
