Lucene search

IBMFB87FDC8DB024F40688977F60C5BA7D61ADAE742A49005053FCB79EE4240F6AE

HistoryApr 06, 2021 - 1:52 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

2021-04-0613:52:03

www.ibm.com

0.004 Low

EPSS

Percentile

74.6%

JSON

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections.

Vulnerability Details

CVEID:CVE-2020-14803
**DESCRIPTION:**An unspecified vulnerability in Java SE could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190121 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:CVE-2020-27221
**DESCRIPTION:**Eclipse OpenJ9 is vulnerable to a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/195353 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
Content Collector for IBM Connections	4.0.1.x

Remediation/Fixes

Product	VRM	Remediation
Content Collector for Email	4.0.1	Use Content Collector for Email 4.0.1.11 Interim Fix IF002
Content Collector for File Systems	4.0.1	Use Content Collector for File Systems 4.0.1.11 Interim Fix IF002
Content Collector for Microsoft SharePoint	4.0.1	Use Content Collector for Microsoft SharePoint 4.0.1.11 Interim Fix IF002
Content Collector for IBM Connections	4.0.1	Use Content Collector for IBM Connections 4.0.1.11 Interim Fix IF002

Workarounds and Mitigations

None

CPENameOperatorVersion
content collectoreq4.0.0
content collectoreq4.0.1

CPE	Name	Operator	Version
	content collector	eq	4.0.0
	content collector	eq	4.0.1

0.004 Low

EPSS

Percentile

74.6%

JSON

Related for FB87FDC8DB024F40688977F60C5BA7D61ADAE742A49005053FCB79EE4240F6AE