Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jan 2016 - Includes Oracle Jan 2016 CPU affect Content Collector for Microsoft SharePoint

Summary

There is vulnerability in IBM® SDK Java™ Technology Edition, Java™ Version 6 and Java™ 7 that is used by Content Collector for Content Collector for Microsoft SharePoint.This issue was disclosed as part of the IBM Java SDK updates in January 2016

Vulnerability Details

CVEID: CVE-2016-0466**
DESCRIPTION:** An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109948 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Affected Products and Versions

Content Collector for Microsoft SharePoint v3.0
Content Collector for Microsoft SharePoint v4.0
Content Collector for Microsoft SharePoint v4.0.1

Remediation/Fixes

Product

| VRM| Remediation
—|—|—
IBM Content Collector for Microsoft SharePoint| 3.0| Use Content Collector for IBM Content Collector for Microsoft SharePoint 4.0.0.3 Interim Fix 005 available at https://www.ibm.com/support/fixcentral/
IBM Content Collector for Microsoft SharePoint| 4.0| Use Content Collector for IBM Content Collector for Microsoft SharePoint 4.0.0.3 Interim Fix 005 available at https://www.ibm.com/support/fixcentral/
IBM Content Collector for Microsoft SharePoint| 4.0.1,
4.0.1.1,
4.0.1.2,
4.0.1.3| Use Content Collector for IBM Content Collector for Microsoft SharePoint 4.0.1.3 Interim Fix 001 available at https://www.ibm.com/support/fixcentral/
IBM Content Collector for Microsoft SharePoint| 4.0.1.4| Use Content Collector for IBM Content Collector for Microsoft SharePoint 4.0.1.4 Interim Fix 001 available at https://www.ibm.com/support/fixcentral/

Workarounds and Mitigations

NA