Apr 14, 2021 - 8:43 p.m.

Security Bulletin: IBM Security Guardium is affected by an Apache Xalan-Java library vulnerability (CVE-2014-0107)

2021-04-14 20:43:23
www.ibm.com

EPSS: 0.005 (percentile: 77.5%)

Summary

IBM Security Guardium has fixed this vulnerability.

Vulnerability Details

**CVEID:** CVE-2014-0107
**DESCRIPTION:** Apache Xalan-Java could allow a remote attacker to bypass security restrictions, caused by the improper handling of output properties. An attacker could exploit this vulnerability to bypass the secure processing feature to load arbitrary restricted classes.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/92023 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM Security Guardium | 11.0 |
| IBM Security Guardium | 11.1 |

Remediation/Fixes

| Product | Versions | Fix |
|---|---|---|
| IBM Security Guardium | 11.0 | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=All&function=fixId&fixids=SqlGuard_11.0p35_Bundle_Mar-30-2021&includeSupersedes=0&source=fc |
| IBM Security Guardium | 11.1 | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=All&function=fixId&fixids=SqlGuard_11.0p130_Bundle_Feb-19-2021&includeSupersedes=0&source=fc |

Workarounds and Mitigations

None