History: Jun 17, 2018 - 12:17 p.m.

Security Bulletin: eDiscovery Manager - OpenSource Apache Taglibs Vulnerability (CVE-2015-0254)

2018-06-17 12:17:03
www.ibm.com

7.5 High (CVSS2)

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Summary

OpenSource Apache Taglibs Vulnerability

Vulnerability Details

CVEID: CVE-2015-0254
DESCRIPTION: Apache Standard Taglibs could allow a remote attacker to execute arbitrary code on the system, caused by an XML External Entity Injection (XXE) error when processing XML data. By sending specially-crafted XML data, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101550 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Affected Products and Versions

IBM eDiscovery Manager Version 2.2.2

Remediation/Fixes

Product | VRM | Remediation
---|---|---
IBM eDiscovery Manager Version 2.2.2 | 2.2.2 | http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=Enterprise%2BContent%2BManagement&product=ibm/Information+Management/InfoSphere+eDiscovery+Analyzer&release=2.2.2.2&platform=All&function=fixId&fixids=2.2.2.2-EDA-AIX-IF0003&includeRequisites=1&includeSupersedes=0&downloadMethod=http and http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=Enterprise%2BContent%2BManagement&product=ibm/Information+Management/InfoSphere+eDiscovery+Analyzer&release=2.2.2.2&platform=All&function=fixId&fixids=2.2.2.2-EDA-WIN-IF0003&includeRequisites=1&includeSupersedes=0&downloadMethod=http

Workarounds and Mitigations

NA

CPE

Name | Operator | Version
---|---|---
ediscovery manager | eq | 2.2.2
