7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
Potential security vulnerabilities exist in the IBM Java SDK that is shipped with the IBM Content Analytics with Enterprise Search and IBM OmniFind Enterprise Edition products.
CVE ID:CVE-2013-5802****
DESCRIPTION:
JRE vulnerable to denial of service attacks via malformed XML data.
CVSS:
Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/87982> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE ID:CVE-2013-4002
DESCRIPTION:
XML parser is vulnerable to a denial of service attack, triggered by malformed XML data.
CVSS:
Base Score: 7.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/85260> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVE ID:CVE-2013-5825
DESCRIPTION:
JRE vulnerable to denial of service attacks
CVSS:
Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/87988> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE ID:CVE-2013-5372
DESCRIPTION:
The XML4J parser is vulnerable to a denial of service attack, triggered by specially crafted XML data…
CVSS:
Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/86662> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)
IBM Content Analytics with Enterprise Search (ICAwES) V3.0 and V2.2
IBM OmniFind Enterprise Edition V9.1 and V8.5
Product
| VRMF|APAR|How to acquire fix
—|—|—|—
ICAwES| V3.0| None.| Apply ICAwES V3.0 Fix Pack 4. See the fix pack download document.
ICAwES| V2.2| None.| Apply ICAwES V2.2 Fix Pack 3. See the fix pack download document.
OmniFind| V9.1| None.| Apply OmniFind Enterprise Edition V9.1 Fix Pack 5. See the fix pack download document.
OmniFind| V8.5| None.| Contact IBM Software Support to obtain the fix.
None.