Lucene search

K
ibmIBMD7F5135F5917DEC79A3EC5F40696F566955841FB3632FC8C822946EC528790B3
HistoryJun 09, 2022 - 7:30 a.m.

Security Bulletin: CVE-2020-17530 may affect Apache struts2-core used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

2022-06-0907:30:44
www.ibm.com
3

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.972 High

EPSS

Percentile

99.8%

Summary

Vulnerability found in Apache struts2-core-2.5.22 used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Vulnerability Details

CVEID:CVE-2020-17530
**DESCRIPTION:**Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a forced double OGNL evaluation on raw user input in tag attributes. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/192743 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
Content Collector for Email 4.0.x

Remediation/Fixes

Product VRM Remediation
Content Collector for Email 4.0.1 Use Content Collector for Email 4.0.1.14-IBM-ICC-IF004
Content Collector for File Systems 4.0.1 Use Content Collector for File Systems 4.0.1.14-IBM-ICC-IF004
Content Collector for Microsoft SharePoint 4.0.1 Use Content Collector for Microsoft SharePoint 4.0.1.14-IBM-ICC-IF004
Content Collector for IBM Connections 4.0.1 Use Content Collector for IBM Connections 4.0.1.14-IBM-ICC-IF004

Workarounds and Mitigations

None

CPENameOperatorVersion
content collectoreq4.0.1

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.972 High

EPSS

Percentile

99.8%

Related for D7F5135F5917DEC79A3EC5F40696F566955841FB3632FC8C822946EC528790B3