Security Bulletin: IBM Content Classification Java API Documentation Frame Injection Vulnerability (CVE-2013-1571)

Abstract The Java API documentation contains a frame injection vulnerability. This is a potential issue only if the Java API documentation that is shipped with the product is hosted on a public network. Content VULNERABILITY DETAILS DESCRIPTION: HTML documentation generated by the Javadoc tool...

Security Bulletin: Vulnerabilities in Content Classification Version 8.8 due to security vulnerabilities in IBM JRE 6

Abstract Multiple security vulnerabilities in IBM Java Runtime Environment JRE can affect the security of IBM Content Classification. Content VULNERABILITY DETAILS CVE IDs: CVE-2012-5083, CVE-2012-1531 DESCRIPTION Vulnerabilities in IBM JRE Service Release 12 can impact the security of IBM Conten...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Classification

Summary There are multiple vulnerabilities in IBM® SDK Java Technology Edition, Version 6 and IBM® Runtime Environment Java Version 7 used by IBM Content Classification. These issues were disclosed as part of the IBM Java SDK updates in Jul 2019. Vulnerability Details CVEID: CVE-2019-10241...

Security Bulletin: Vulnerability in IBM Java SDK affect IBM Content Classification

Summary There is vulnerability in IBM® SDK Java Technology Edition, Version 6 and IBM® Runtime Environment Java Version 7 used by IBM Content Classification. These issues were disclosed as part of the IBM Java SDK updates in Jul 2020. Vulnerability Details CVEID: CVE-2020-14621 DESCRIPTION: An...

Security Bulletin: IBM Content Classification is affected by a Eclipse Jetty (Publicly disclosed vulnerability)

Summary In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4.23.v20191118, the generation of default unhandled Error response content in text/html and text/json Content-Type does not escape Exception messages in stacktraces included in error output. Vulnerability Details CVEID:...

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jan 2020 - Includes Oracle Jan 2020 CPU affect IBM Content Classification

Summary There is vulnerability in IBM® Runtime Environment Java™ Version 6 and Java™ 7 that is used by IBM Content Classification. This issue was disclosed as part of the IBM Java SDK updates in Jan 2020. Vulnerability Details CVEID: CVE-2020-2805 DESCRIPTION: An unspecified vulnerability in Java...

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jan 2020 - Includes Oracle Jan 2020 CPU affect IBM Content Classification

Summary There is vulnerability in IBM® Runtime Environment Java™ Version 6 and Java™ 7 that is used by IBM Content Classification. This issue was disclosed as part of the IBM Java SDK updates in Jan 2020. Vulnerability Details CVEID: CVE-2020-2583 DESCRIPTION: An unspecified vulnerability in Java...

Security Bulletin: CVE-2019-2949 may affect IBM® SDK, Java™ Technology Edition for IBM Content Classification

Summary CVE-2019-2949 was disclosed in the Oracle October 2019 Critical Patch Update Vulnerability Details CVEID: CVE-2019-2949 DESCRIPTION: An unspecified vulnerability in Java SE related to the Kerberos component could allow an unauthenticated attacker to obtain sensitive information resulting ...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Classification

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Java™ Version 6 and Java™ Version 7 that is used by IBM eDiscovery Analyzer. These issues were disclosed as part of the IBM Java SDK updates in Oct 2019. Vulnerability Details CVEID: CVE-2019-2989 DESCRIPTION: An...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Classification

Summary There are multiple vulnerabilities in IBM® SDK Java Technology Edition, Version 6 and IBM® Runtime Environment Java Version 7 used by IBM Content Classification. These issues were disclosed as part of the IBM Java SDK updates in Jul 2019. Vulnerability Details CVEID: CVE-2019-11775...

Security Bulletin: Multiple vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU - Jan 2017 - Includes Oracle Jan 2017 CPU affect IBM Content Classification

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Java™ Version 6 and Java™ Version 7 that is used by Content Collector for IBM Content Classification. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017. Vulnerability Details CVEID:...

Security Bulletin: Open Source Apache PDFBox Vulnerabilities in IBM Content Classification

Summary Apache PDFBox could allow a remote authenticated attacker to obtain sensitive information, caused by a XML external entity XXE error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of...

Security Bulletin: IBM Content Classification is affected by IBM SDK, Java Technology Edition Quarterly CPU - Oct 2018 - Includes Oracle Oct 2018 CPU

Summary There is vulnerability in IBM® SDK Java Technology Edition, Version 8 used by IBM Content Classification. These issues were disclosed as part of the IBM Java SDK updates in Oct 2018. Vulnerability Details CVEID: CVE-2018-3139 DESCRIPTION: An unspecified vulnerability in Oracle Java SE...

Security Bulletin: IBM Content Classification is affected by IBM SDK, Java Technology Edition Quarterly CPU - Jul 2018 - Includes Oracle Jul 2018 CPU

Summary There is vulnerability in IBM® SDK Java Technology Edition, Version 6 used by IBM Content Classification. These issues were disclosed as part of the IBM Java SDK updates in Jul 2018. Vulnerability Details CVEID: CVE-2018-2973 DESCRIPTION: An unspecified vulnerability in Oracle Java SE...

Security Bulletin: Vulnerability in IBM Java SDK affect IBM Content Classification

Summary There is vulnerability in IBM® SDK Java Technology Edition, Version 6 used by IBM Content Classification. These issues were disclosed as part of the IBM Java SDK updates in April 2018. Vulnerability Details CVEID: CVE-2018-2582 DESCRIPTION: An unspecified vulnerability in Oracle Java SE...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Classification

Summary There are multiple vulnerabilities in IBM® SDK Java Technology Edition, Version 6 and IBM® Runtime Environment Java Version 7 used by IBM Content Classification. These issues were disclosed as part of the IBM Java SDK updates in October 2017. Vulnerability Details CVEID: CVE-2017-10346...

Security Bulletin: IBM Content Classification is affected by a Open Source Commons FileUpload Apache Vulnerabilities

Summary IBM Content Classification has addressed the following vulnerability. Apache Commons FileUpload,could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in the DiskFileItem class of the FileUpload library. A remote attacker could...

Security Bulletin: IBM Content Classification is affected by an Open Source Eclipse Jetty Vulnerabilities

Summary IBM Content Classification has addressed the following vulnerability. Jetty could allow a remote attacker to obtain sensitive information, caused by a timing channel flaw in util/security/Password.java. By observing elapsed times before rejection of incorrect passwords, an attacker could...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Classification

Summary There are multiple vulnerabilities in IBM® SDK Technology Edition, Version 6 and Version 7 that is used by IBM Content Classification. IBM Content Classification has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates in Apr 2017. Vulnerability...

Security Bulletin: Content Classification is affected by Open Source Apache Xerces-C XML parser Vulnerability (CVE-2016-0729)

Summary Content Classification is affected by Open Source Apache Xerces-C XML parser Vulnerability. Vulnerability Details CVEID: CVE-2016-0729 DESCRIPTION: Apache Xerces-C XML Parser library is vulnerable to a denial of service, caused by improper bounds checking during processing and error...