
Security Bulletin: Multiple Vulnerabilities found in Apache Tika used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

2022-06-24 14:50:39
www.ibm.com

CVSS3: 5.5 Medium
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS: 0.001 Low
Percentile: 38.5%

Summary

Multiple Vulnerabilities found in Apache Tika used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Vulnerability Details

CVEID: CVE-2022-30126
**DESCRIPTION:** Apache Tika is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the StandardsText class in the StandardsExtractingContentHandler. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/226628 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2022-25169
**DESCRIPTION:** Apache Tika is vulnerable to a denial of service, caused by improper input validation in the BPG parser. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/226627 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| Content Collector for IBM Connections | 4.0.1 |
| Content Collector for File Systems | 4.0.1 |
| Content Collector for Email | 4.0.1 |
| Content Collector for Microsoft SharePoint | 4.0.1 |

Remediation/Fixes

| Product | VRM | Remediation |
| --- | --- | --- |
| Content Collector for Email | 4.0.1 | Use Content Collector for Email 4.0.1.15-IBM-ICC-FP015 |
| Content Collector for File Systems | 4.0.1 | Use Content Collector for File Systems 4.0.1.15-IBM-ICC-FP015 |
| Content Collector for Microsoft SharePoint | 4.0.1 | Use Content Collector for Microsoft SharePoint 4.0.1.15-IBM-ICC-FP015 |
| Content Collector for IBM Connections | 4.0.1 | Use Content Collector for IBM Connections 4.0.1.15-IBM-ICC-FP015 |

Workarounds and Mitigations

None

| CPE Name | Operator | Version |
| --- | --- | --- |
| content collector | eq | 4.0.1 |
