Security Bulletin: Vulnerabilities in Content Classification Version 8.8 due to security vulnerabilities in IBM JRE 6

VULNERABILITY DETAILS

CVE IDs: CVE-2012-5083, CVE-2012-1531

DESCRIPTION
Vulnerabilities in IBM JRE Service Release 12 can impact the security of IBM Content Classification Version 8.8. Fixes are available in IBM Content Classification Version 8.8 Interim Fix 1.

CVE ID: CVE-2012-5083

CVSS Base Score 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/79412
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)


CVE ID: CVE-2012-1531

CVSS Base Score 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/79413
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)


AFFECTED PRODUCT AND VERSION:
IBM Content Classification Version 8.8


REMEDIATION:
Fixes are available in IBM Content Classification Version 8.8 Interim Fix 1. For instructions on downloading and installing Interim Fix 1, see the IBM Content Classification Version 8.8 Interim Fix 1 download document.


MITIGATION:
None. Install the interim fix.


Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.