Two XML Digital Signature APIs implemented in the XMLDSigRI provider throw unexpected Exception types. An attacker could exploit this to inflict a DoS. The fix ensures that all Exceptions thrown from these APIs are wrapped in instances of javax.xml.crypto.MarshalException.
CVEID:CVE-2020-2773
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179673 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
ITNCM | 6.4.2 |
Affected Product(s) | Version(s) | Remediation |
---|---|---|
ITNCM | 6.4.2 | Upgrade to ITNCM 6.4.2 Fix Pack 14 (6.4.2.14) |
ITNCM 6.4.2 Fix Pack 14 can be downloaded from Fix Central
None