IBM Support

Security Bulletin: Vulnerabilities in Content Classification due to security vulnerabilities in Oracle Outside In Technology and Oracle Java Development Kits

Created by Bibhudatta Mohapatra on
Published URL:
https://www.ibm.com/support/pages/node/236325

Security Bulletin


Summary

Security vulnerabilities in Oracle Outside In Technology and Oracle Java Development Kits (JDKs) can affect the security of IBM Content Classification, also known as IBM InfoSphere Classification Module.

Vulnerability Details

CVE ID: CVE-2013-5791
DESCRIPTION:
The Oracle Outside In Microsoft Access 1.x database file parser is vulnerable to a stack-based buffer overflow. A remote attacker could exploit this vulnerability using a specially crafted file to overflow a buffer and execute arbitrary code on the system with the privileges of the vulnerable application or victim user.

CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/87925 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)


CVE ID: CVE-2013-5843

DESCRIPTION:
A maliciously crafted font file can lead to a double free, which in turn could allow untrusted code to disable the security manager and execute arbitrary code. In a server context, the double free would crash the JVM process, so it could be used to launch a denial of service attack. The fix corrects the font parsing code to prevent the double free.

CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/87971 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Affected Products and Versions

IBM Content Classification Versions 8.7 and 8.8

Remediation/Fixes

Fixes are available in Interim Fix 2. Click one of the following links for instructions on downloading and installing Interim Fix 2:

Workarounds and Mitigations

None. Install the interim fix.

References

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Document Information

Modified date:
17 June 2018

UID

swg21661907