Security Bulletin: Vulnerabilities in IBM Java SDK affects IBM eDiscovery Analyzer

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by IBM eDiscovery Analyzer. These issues were disclosed as part of the IBM Java SDK updates in January 2015.

Vulnerability Details

CVEID: CVE-2014-6593**
DESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/100153 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

CVEID: CVE-2015-0410**
DESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/100151 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Affected Products and Versions

IBM eDiscovery Analyzer Version 2.1
IBM InfoSphere eDiscovery Analyzer Version 2.1.1
IBM eDiscovery Analyzer Version 2.2
IBM eDiscovery Analyzer Version 2.2.1
IBM eDiscovery Analyzer Version 2.2.2

Remediation/Fixes

For versions 2.2.1.1 and 2.2.2.1, the recommended solution is to apply the available fix as soon as practical. Contact IBM Support if you are using versions 2.1, 2.1.1 or 2.2.

Go to Fix Central site(eDiscovery Analyzer) and install the fix applicable to the version that you have installed and your platform.

• 2.2.1.1 Interim Fix 3
• 2.2.2.2 Interim Fix 1

Workarounds and Mitigations

None