A vulnerability exists in IBM Runtime Environment Java Technology Edition, Version 6 that is used by eDiscovery Analyzer. These issues were disclosed as part of the IBM Java SDK updates in April 2016.
CVEID: CVE-2016-0363 **
DESCRIPTION:** IBM SDK, Java Technology Edition contains a vulnerability in the IBM ORB implementation that may allow untrusted code running under a security manager to elevate its privileges. This vulnerability was originally reported as CVE-2013-3009.
CVSS Base Score: 8.1
CVSS Temporal Score: See _https://exchange.xforce.ibmcloud.com/vulnerabilities/112016 _for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
IBM eDiscovery Analyzer 2.2
IBM eDiscovery Analyzer 2.2.1
IBM eDiscovery Analyzer 2.2.2
Product | VRM | Remediation |
---|---|---|
IBM eDiscovery Analyzer 2.2 | 2.2 | See work around |
IBM eDiscovery Analyzer 2.2.1 | 2.2.1 | See work around |
IBM eDiscovery Analyzer 2.2.2 | 2.2.2 | http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=Enterprise%2BContent%2BManagement&product=ibm/Information+Management/InfoSphere+eDiscovery+Analyzer&release=2.2.2.2&platform=All&function=fixId&fixids=2.2.2.2-EDA-AIX-IF0003&includeRequisites=1&includeSupersedes=0&downloadMethod=http |
and
Mitigation is to upgrade to fixed stream: 2.2.2.
Please refer tohttp://www.ibm.com/support/knowledgecenter/en/SSJKLP_2.2.2/com.ibm.eda.doc/edain001.html
CPE | Name | Operator | Version |
---|---|---|---|
ediscovery analyzer | eq | 2.2.2 | |
ediscovery analyzer | eq | 2.2.1 | |
ediscovery analyzer | eq | 2.2.0.0 |