Security Bulletin: IBM InfoSphere Change Data Capture is affected by an Apache Derby open source library vulnerability (CVE-2015-1832)

Summary

IBM InfoSphere Change Data Capture has addressed the following vulnerability: CVE-2015-1832 - Apache Derby could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML datatype and XmlVTI. An attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service.

Vulnerability Details

CVEID: CVE-2015-1832
**DESCRIPTION:*Apache Derby could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML datatype and XmlVTI. An attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service.
CVSS Base Score: 6.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/115625&gt; for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P)

Affected Products and Versions

InfoSphere Data Replication 11.4

Remediation/Fixes

IIDR 11.4.0.2-5095 for all LUW engines

| N/A | Please download the latest release available in Fix Central: https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%20Management&product=ibm/Information+Management/IBM+InfoSphere+Data+Replication&release=11.4&platform=All&function=all&source=fc

Workarounds and Mitigations

None