Lucene search

K
ibmIBM4336FC2AED0E16A3782191BDC8E3E8A911656B0214970CF09EB6B4378422C51A
HistoryAug 08, 2018 - 4:13 a.m.

Security Bulletin: Apache Xerces-C vulnerabilities (XML4C) affects IBM Cloud Manager with OpenStack (CVE-2016-0729)

2018-08-0804:13:55
www.ibm.com
12

0.031 Low

EPSS

Percentile

91.1%

Summary

IBM Cloud Manager with Openstack is vulnerable to a Apache Xerces-C XML Parser library vulnerablities. Apache Xerces-C XML Parser library is vulnerable to a denial of service, caused by improper bounds checking during processing and error reporting. By sending specially crafted input documents, an attacker could exploit this vulnerability to cause the library to crash or possibly execute arbitrary code on the system.

Vulnerability Details

CVEID: CVE-2016-0729**
DESCRIPTION:** Apache Xerces-C XML Parser library is vulnerable to a denial of service, caused by improper bounds checking during processing and error reporting. By sending specially crafted input documents, an attacker could exploit this vulnerability to cause the library to crash or possibly execute arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111028 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

IBM Cloud Manager with OpenStack 4.3.0 through 4.3.0.6

Remediation/Fixes

Product

| VRMF| APAR| Remediation/First Fix
—|—|—|—
IBM Cloud Manager with OpenStack| 4.3.0| None| IBM Cloud Manager with Openstack 4.3 fix pack 6 ifix 4
https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Cloud+Manager+with+Openstack&release=4.3.0.6&platform=All&function=fixId&fixids=+4.3.0.6-IBM-CMWO-IF004+&includeSupersedes=0

Workarounds and Mitigations

None

0.031 Low

EPSS

Percentile

91.1%