SB2022061005 - Multiple vulnerabilities in IBM Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022061005

SB2022061005 - Multiple vulnerabilities in IBM Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Published: June 10, 2022

Security Bulletin ID SB2022061005
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 vulnerabilities.


1) Improper input validation (CVE-ID: CVE-2020-14782)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to an error in CertPath implementation within the Libraries component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.


2) Improper input validation (CVE-ID: CVE-2021-35603)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the JSSE component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.


Remediation

Install update from vendor's website.

References