Lucene search

IBMD104A27010DD7B8ACF73972547C3ED76DC9CC02F83BF444CAC77480E56F8A6FE

HistorySep 29, 2022 - 1:04 p.m.

Security Bulletin: CVE-2022-21299 may affect JAXP component used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

2022-09-2913:04:34

www.ibm.com

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

53.4%

JSON

Summary

CVE-2022-21299 vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.

Vulnerability Details

CVEID:CVE-2022-21299
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217594 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s)	Version(s)
Content Collector for IBM Connections	4.0.x
Content Collector for Microsoft SharePoint	4.0.x
Content Collector for Email	4.0.x
Content Collector for File Systems	4.0.x

Remediation/Fixes

Product	VRM	Remediation
Content Collector for Email	4.0.1	Use Content Collector for Email 4.0.1.15 Interim Fix IF001
Content Collector for File Systems	4.0.1	Use Content Collector for File Systems 4.0.1.15 Interim Fix IF001
Content Collector for Microsoft SharePoint	4.0.1	Use Content Collector for Microsoft SharePoint 4.0.1.15 Interim Fix IF001
Content Collector for IBM Connections	4.0.1	Use Content Collector for IBM Connections 4.0.1.15 Interim Fix IF001

Workarounds and Mitigations

None

CPENameOperatorVersion
content collectoreq4.0.1

CPE	Name	Operator	Version
	content collector	eq	4.0.1

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

53.4%

JSON

Related for D104A27010DD7B8ACF73972547C3ED76DC9CC02F83BF444CAC77480E56F8A6FE