Multiple components of IBM InfoSphere Information Server may be affected by a denial of service attack triggered by a specially crafted XML document being parsed by the XML4C parser.
CVEID: CVE-2014-8901
DESCRIPTION: IBM XML4J and XML4C contain a denial of service vulnerability that is triggered when an authenticated user issues a specially crafted SQL query. This would cause the CPU to consume 100% of available resources and create serious performance degradation to the system.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/99110 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)
The following product, running on all supported platforms, is affected:
IBM InfoSphere Information Server: versions 8.1 to 11.3
Product | VRMF | APAR | Remediation/First Fix
---|---|---|---
InfoSphere Information Server ASB Packs and Connectors | 11.3 | JR52176 | --Apply IBM InfoSphere Information Server version 11.3.1.1
InfoSphere Information Server ASB Packs and Connectors | 9.1 | JR52176 | --Apply IBM InfoSphere Information Server version 9.1.2.0<br>--Apply IBM InfoSphere Information Server JR52176
InfoSphere Information Server ASB Packs and Connectors | 8.7 | JR52176 | --Apply IBM InfoSphere Information Server version 8.7 Fix Pack 2<br>--Apply IBM InfoSphere Information Server JR52176
InfoSphere Information Server ASB Packs and Connectors | 8.5 | JR52176 | --Apply IBM InfoSphere Information Server version 8.5 Fix Pack 3<br>--Apply IBM InfoSphere Information Server JR52176
InfoSphere Information Server ASB Packs and Connectors | 8.1 | JR52176 | Contact IBM customer support.
Note: The same fix may be listed under multiple vulnerabilities. Installing the fix addresses all vulnerabilities to which the fix applies. Also, some fixes require installing both a fix pack and a subsequent patch. While the fix pack must be installed first, any additional patches required may be installed in any order.