Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMDA1C836B75E42E2FB996F536143556E210EC992AA28EE772F420C8E630A9779F
HistoryJun 17, 2018 - 1:01 p.m.

Security Bulletin: Multiple vulnerabilities in usage of IBM Java SDK in IBM Content Analytics with Enterprise Search and IBM OmniFind Enterprise Edition (CVE-2013-5802, CVE-2013-4002, CVE-2013-5825, CVE-2013-5372)

2018-06-1713:01:16
www.ibm.com
8

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Summary

Potential security vulnerabilities exist in the IBM Java SDK that is shipped with the IBM Content Analytics with Enterprise Search and IBM OmniFind Enterprise Edition products.

Vulnerability Details

CVE ID:CVE-2013-5802****

DESCRIPTION:
JRE vulnerable to denial of service attacks via malformed XML data.

CVSS:
Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/87982&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE ID:CVE-2013-4002

DESCRIPTION:
XML parser is vulnerable to a denial of service attack, triggered by malformed XML data.

CVSS:
Base Score: 7.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/85260&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C)

CVE ID:CVE-2013-5825

DESCRIPTION:
JRE vulnerable to denial of service attacks

CVSS:
Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/87988&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE ID:CVE-2013-5372

DESCRIPTION:
The XML4J parser is vulnerable to a denial of service attack, triggered by specially crafted XML data…

CVSS:
Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/86662&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Affected Products and Versions

IBM Content Analytics with Enterprise Search (ICAwES) V3.0 and V2.2
IBM OmniFind Enterprise Edition V9.1 and V8.5

Remediation/Fixes

Product

| VRMF|APAR|How to acquire fix
—|—|—|—
ICAwES| V3.0| None.| Apply ICAwES V3.0 Fix Pack 4. See the fix pack download document.
ICAwES| V2.2| None.| Apply ICAwES V2.2 Fix Pack 3. See the fix pack download document.
OmniFind| V9.1| None.| Apply OmniFind Enterprise Edition V9.1 Fix Pack 5. See the fix pack download document.
OmniFind| V8.5| None.| Contact IBM Software Support to obtain the fix.

Workarounds and Mitigations

None.

Related

ibm 50
cve 4
prion 4
f5 6
veracode 19
ubuntucve 3
nessus 42
oraclelinux 4
fedora 3
redhat 11
atlassian 2
securityvulns 2
openvas 34
mageia 3
osv 1
github 1
amazon 3
centos 4
suse 2
ubuntu 1
ibm
ibm
Security Bulletin:Tivoli Multiple vulnerabilities in Tivoli Business Service Manager (CVE-2013-5802,CVE-2013-5825,CVE-2013-5372)
2018-06-17 14:31:27
Security Bulletin: Java Vulnerability in Rational Automation Framework (CVE-2013-4002, CVE-2013-5825, CVE-2013-5372)
2018-06-17 04:51:43
Security Bulletin:Tivoli Multiple vulnerabilities in Netcool/Impact (CVE-2013-5802,,CVE-2013-5825,CVE-2013-5372)
2018-06-17 14:31:27
cve
cve
CVE-2013-5372
2013-10-19 10:36:00
CVE-2013-5825
2013-10-16 17:55:00
CVE-2013-5802
2013-10-16 17:55:00
prion
prion
Code injection
2013-10-19 10:36:00
Design/Logic Flaw
2013-10-16 17:55:00
Design/Logic Flaw
2013-10-16 17:55:00
f5
f5
SOL53316849 - Java vulnerability CVE-2013-5802
2016-05-24 00:00:00
K53316849 : Java vulnerability CVE-2013-5802
2016-05-24 00:00:00
K16872 : Java Runtime Environment vulnerability CVE-2013-4002
2015-09-11 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 04:54:23
Sandbox Restrictions Bypass
2019-05-02 04:54:23
Denial Of Service (DoS)
2017-10-10 02:57:26
ubuntucve
ubuntucve
CVE-2013-5802
2013-10-16 00:00:00
CVE-2013-5825
2013-10-16 00:00:00
CVE-2013-4002
2013-10-16 00:00:00
nessus
nessus
Scientific Linux Security Update : xerces-j2 on SL6.x i386/x86_64 (20140929)
2014-09-30 00:00:00
RHEL 7 : JBoss EAP (RHSA-2014:1822)
2014-11-11 00:00:00
F5 Networks BIG-IP : Java Runtime Environment vulnerability (SOL16872)
2015-09-14 00:00:00
oraclelinux
oraclelinux
xerces-j2 security update
2014-09-29 00:00:00
java-1.6.0-openjdk security update
2013-11-05 00:00:00
java-1.7.0-openjdk security update
2013-10-21 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: xerces-j2-2.11.0-22.fc21
2014-09-23 05:03:54
[SECURITY] Fedora 19 Update: xerces-j2-2.11.0-15.fc19
2014-09-25 10:33:09
[SECURITY] Fedora 20 Update: xerces-j2-2.11.0-17.fc20
2014-09-25 10:44:24
redhat
redhat
(RHSA-2014:1822) Moderate: Red Hat JBoss Enterprise Application Platform 6.3.2 update
2014-11-06 16:38:07
(RHSA-2014:1818) Moderate: Red Hat JBoss Enterprise Application Platform 6.3.2 update
2014-11-06 00:00:00
(RHSA-2014:1821) Moderate: Red Hat JBoss Enterprise Application Platform 6.3.2 update
2014-11-06 00:00:00
atlassian
atlassian
Denial of Service attack through vulnerable Xerces-J library
2015-06-19 06:43:36
Denial of Service attack through vulnerable Xerces-J library
2015-06-19 06:43:36
securityvulns
securityvulns
xerces-j DoS
2014-10-14 00:00:00
[ MDVSA-2014:193 ] xerces-j2
2014-10-14 00:00:00
openvas
openvas
CentOS Update for xerces-j2 CESA-2014:1319 centos7
2014-10-01 00:00:00
CentOS Update for xerces-j2 CESA-2014:1319 centos6
2014-10-01 00:00:00
Fedora Update for xerces-j2 FEDORA-2014-10626
2014-10-01 00:00:00
mageia
mageia
Updated xerces-j2 packages fix CVE-2013-4002
2014-10-07 13:22:51
Updated java-1.6.0-openjdk package fixes multiple vulnerabilities
2013-11-13 23:05:43
Updated java-1.7.0-openjdk package fixes security vulnerabilities
2013-11-13 23:03:04
osv
osv
Missing XML Validation in Apache Xerces2
2022-05-13 01:01:06
github
github
Missing XML Validation in Apache Xerces2
2022-05-13 01:01:06
amazon
amazon
Medium: xerces-j2
2014-10-28 17:13:00
Important: java-1.6.0-openjdk
2013-11-05 13:35:00
Critical: java-1.7.0-openjdk
2013-10-23 15:22:00
centos
centos
xerces security update
2014-09-30 10:18:46
java security update
2013-11-05 20:45:16
java security update
2013-10-22 07:41:01
suse
suse
Security update for IBM Java 5 (important)
2013-11-14 16:04:15
Security update for OpenJDK 7 (important)
2013-11-13 15:04:17
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2013-11-21 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON
Related for DA1C836B75E42E2FB996F536143556E210EC992AA28EE772F420C8E630A9779F
ibm50cve4prion4f56veracode19ubuntucve3nessus42oraclelinux4fedora3redhat11atlassian2securityvulns2openvas34mageia3osv1github1amazon3centos4suse2ubuntu1