Lucene search
IBM2475C1223999E8F317A78498A89C5066F0DD1F3BF1205206890E193135A95A25HistoryJun 16, 2018 - 1:43 p.m.
Security Bulletin: IBM Streams is affected by Open Source Apache Xerces-C XML parser Vulnerabilities (CVE-2016-4463)
2018-06-1613:43:12
www.ibm.com
10
0.007 Low
EPSS
Percentile
81.1%
Summary
IBM Streams is affected by Open Source Apache Xerces-C XML parser Vulnerabilities. IBM Streams has addressed this vulnerability.
Vulnerability Details
CVEID: CVE-2016-4463 **DESCRIPTION: *Apache Xerces-C XML Parser library is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing a deeply nested DTD. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 5.3
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/114596 for more information
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Products and Versions
-
- IBM Streams Version 4.1.1.1 and earlier
- IBM InfoSphere Streams Version 4.0.1.2 and earlier
- IBM InfoSphere Streams Version 3.2.1.5 and earlier
- IBM InfoSphere Streams Version 3.1.0.7 and earlier
- IBM InfoSphere Streams Version 3.0.0.5 and earlier
- IBM InfoSphere Streams Version 2.0.0.4 and earlier
- IBM InfoSphere Streams Version 1.2.1.0
Remediation/Fixes
NOTE: Fix Packs are available on IBM Fix Central.
* **Version 4.1.1:**
* Apply [4.1.1 Fix Pack 2 (4.1.1.2) or higher.](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/InfoSphere+Streams&release=4.1.1.0&platform=All&function=all>)
* **Version 4.0.1:**
* Apply [4.0.1 Fix Pack 3 (4.0.1.3) or higher.](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/InfoSphere+Streams&release=4.0.1.0&platform=All&function=all>)
* **Version 3.2.1:**
* Apply [3.2.1 Fix Pack (3.2.1.6) or higher. ](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/InfoSphere+Streams&release=3.2.1.0&platform=All&function=all>)
* **Version 3.1.0:**
* Contact IBM Technical Support.
* **Version 3.0.0:**
* Contact IBM Technical Support.
* **Versions 1.2 and 2.0:**
* For version 1.x and 2.x, IBM recommends upgrading to a fixed, supported version/release/platform of the product. Customers who cannot upgrade and need to secure their installation should open a PMR with IBM Technical Support and request assistance securing their InfoSphere Streams system against the vulnerabilities identified in this Security Bulletin.
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm streams | eq | 1.2 | |
| ibm streams | eq | 2.0 | |
| ibm streams | eq | 3.0 | |
| ibm streams | eq | 3.1 | |
| ibm streams | eq | 3.2 | |
| ibm streams | eq | 3.2.1 | |
| ibm streams | eq | 4.0 | |
| ibm streams | eq | 4.0.1 | |
| ibm streams | eq | 4.1 | |
| ibm streams | eq | 4.1.1 |
Related
nessus
nessus
RHEL 7 : xerces-c (RHSA-2018:3335)
2018-10-31 00:00:00
Scientific Linux Security Update : xerces-c on SL7.x x86_64 (20181030)
2018-11-27 00:00:00
CentOS 7 : xerces-c (CESA-2018:3335)
2018-11-16 00:00:00
ibm
ibm
Security Bulletin: A vulnerability in the Apache Xerces-C XML Parser library affects IBM Performance Management products (CVE-2016-4463)
2018-06-17 15:36:12
cve
cve
CVE-2016-4463
2016-07-08 19:59:01
openvas
openvas
Debian: Security Advisory (DSA-3610-1)
2016-06-28 00:00:00
F5 BIG-IP - Apache Xerces vulnerability CVE-2016-4463
2016-09-22 00:00:00
Huawei EulerOS: Security Advisory for xerces-c (EulerOS-SA-2018-1395)
2020-01-23 00:00:00
debiancve
debiancve
CVE-2016-4463
2016-07-08 19:59:01
oraclelinux
oraclelinux
xerces-c security update
2018-11-05 00:00:00
redhat
redhat
(RHSA-2018:3514) Moderate: xerces-c security update
2018-11-06 15:43:00
(RHSA-2018:3506) Moderate: xerces-c security update
2018-11-06 14:46:34
(RHSA-2018:3335) Moderate: xerces-c security update
2018-10-30 04:44:38
centos
centos
xerces security update
2018-11-15 18:53:50
amazon
amazon
Medium: xerces-c
2018-12-06 20:30:00
debian
debian
[SECURITY] [DSA 3610-1] xerces-c security update
2016-06-29 20:19:01
[SECURITY] [DLA 535-1] xerces-c security update
2016-06-29 20:27:56
[SECURITY] [DSA 3610-1] xerces-c security update
2016-06-29 20:19:01
ubuntucve
ubuntucve
CVE-2016-4463
2016-07-08 00:00:00
osv
osv
xerces-c - security update
2016-06-29 00:00:00
xerces-c vulnerabilities
2021-03-15 21:00:57
prion
prion
Stack overflow
2016-07-08 19:59:00
nvd
nvd
CVE-2016-4463
2016-07-08 19:59:01
archlinux
archlinux
xerces-c: denial of service
2016-07-05 00:00:00
f5
f5
SOL70191975 - Apache Xerces vulnerability CVE-2016-4463
2016-09-15 00:00:00
K70191975 : Apache Xerces vulnerability CVE-2016-4463
2016-09-15 00:00:00
redhatcve
redhatcve
CVE-2016-4463
2016-06-30 08:19:16
cvelist
cvelist
CVE-2016-4463
2016-07-08 19:00:00
freebsd
freebsd
xercesi-c3 -- multiple vulnerabilities
2016-05-09 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: xerces-c27-2.7.0-28.fc29
2019-02-13 02:48:11
[SECURITY] Fedora 23 Update: xerces-c-3.1.4-1.fc23
2016-07-06 05:56:02
[SECURITY] Fedora 22 Update: xerces-c-3.1.4-1.fc22
2016-07-06 05:52:27
ubuntu
ubuntu
Xerces-C++ vulnerabilities
2021-03-15 00:00:00
oracle
oracle
CPU July 2018
2018-07-17 00:00:00
Oracle Critical Patch Update Advisory - April 2020
2020-04-14 00:00:00
0.007 Low
EPSS
Percentile
81.1%
Related for 2475C1223999E8F317A78498A89C5066F0DD1F3BF1205206890E193135A95A25