Security Bulletin: Content Collector for Email is affected by vulnerability due to information disclosure in MyFaces for WebSphere Application Server

Summary

Content Collector for Email has addressed following vulnerability: WebSphere Application Server could allow a remote attacker to obtain sensitive information because of improper error handling by MyFaces.

Vulnerability Details

CVEID:CVE-2017-1583**
DESCRIPTION: *IBM WebSphere Application Server could allow a remote attacker to obtain sensitive information caused by improper error handling by MyFaces in JSF.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132342 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Content Collector for Email 3.0.0
Content Collector for Email 4.0.0
Content Collector for Email 4.0.1

Remediation/Fixes

Product

| VRM|Remediation
—|—|—
Content Collector for Email | 3.0.0| Use Content Collector for Email 4.0.1.8 Interim Fix 001
Content Collector for Email | 4.0.0| Use Content Collector for Email 4.0.1.8 Interim Fix 001
Content Collector for Email | 4.0.1| Use Content Collector for Email 4.0.1.8 Interim Fix 001

Follow steps in the Readme file in 4.0.1.8 Interim Fix 001 to install the fix applicable to your version.