Lucene search

IBM436B8DE4392654D7FCBC9CFB7ED512DE84E9F297AFC0B09CDAF8FDC4EFD8F33E

HistorySep 04, 2023 - 11:18 a.m.

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition for Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint

2023-09-0411:18:29

www.ibm.com

ibm sdk

java technology

quarterly cpu update

content collector

vulnerability

oracle

graalvm

jsse

remote attacker

availability impact

integrity impact

confidentiality impact

eclipse openj9

buffer overflow

bounds checking

interim fix.

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

0.002 Low

EPSS

Percentile

51.8%

JSON

Summary

Multiple vulnerabilities were disclosed in the Oracle April 2023 Quarterly CPU Update.

Vulnerability Details

CVEID:CVE-2023-21930
**DESCRIPTION:**An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow an unauthenticated attacker to cause high confidentiality impact and high integrity impact.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253115 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

CVEID:CVE-2023-21967
**DESCRIPTION:**An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow a remote attacker to cause high availability impact.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253156 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-21938
**DESCRIPTION:**An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the Libraries component could allow a remote attacker to cause integrity impact.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253155 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2023-2597
**DESCRIPTION:**Eclipse Openj9 is vulnerable to a buffer overflow, caused by improper bounds checking by the getCachedUTFString() function. By using specially crafted input, a local authenticated attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/255906 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
Content Collector for File Systems	4.0.1
Content Collector for Email	4.0.1
Content Collector for Microsoft SharePoint	4.0.1

Remediation/Fixes

Product

| VRM|Remediation
—|—|—
Content Collector for Email| 4.0.1| Use Content Collector for Email 4.0.1.15 Interim Fix IF006
Content Collector for File Systems| 4.0.1| Use Content Collector for File Systems 4.0.1.15 Interim Fix IF006
Content Collector for Microsoft SharePoint| 4.0.1| Use Content Collector for Microsoft SharePoint 4.0.1.15 Interim Fix IF006

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmcontent_collectorMatch4.0.0

ibmcontent_collectorMatch4.0.1

CPENameOperatorVersion
ibm content collectoreq4.0.0
ibm content collectoreq4.0.1

CPE	Name	Operator	Version
	ibm content collector	eq	4.0.0
	ibm content collector	eq	4.0.1

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

0.002 Low

EPSS

Percentile

51.8%

JSON

Related for 436B8DE4392654D7FCBC9CFB7ED512DE84E9F297AFC0B09CDAF8FDC4EFD8F33E