Medium Severity

IBM Security Bulletin: eDiscovery Manager is affected by a publicly disclosed vulnerability in Apache POI


Apache POI is vulnerable to a denial of service caused by an error while parsing malicious WMF, EMF, MSG and macros and specially crafted DOC, PPT and XLS files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to enter an infinite loop or raise an out-of-memory exception.

CVE(s): CVE-2017-12626

Affected product(s) and affected version(s):

IBM eDiscovery Manager v2.2.2.3

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10719481
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/138361
