SB2022062703 - Multiple Vulnerabilities in IBM Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections
Published: June 27, 2022
Description
This security bulletin contains information about 2 security vulnerabilities.
1) Incorrect Regular Expression (CVE-ID: CVE-2022-30126)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper validation in the StandardsText class. A remote attacker can pass a specially crafted file to the application and perform a denial of service (DoS) attack.
2) Resource exhaustion (CVE-ID: CVE-2022-25169)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources in the BPG parser. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's website.
References
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-found-in-apache-tika-used-by-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-collect/
- https://www.ibm.com/support/pages/node/6598383