Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition for Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint

May 5, 2025 invoker category_cve

Vulnerability Details

Basic Information

Title Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition for Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint
Type ibm
Published 2025-05-05T09:24:10
Last Seen 2025-05-05T10:56:45
CVSS Score 7.8 (HIGH)

CVSS v3 Details

Attack Vector LOCAL
Attack Complexity LOW
Privileges Required LOW
User Interaction NONE
Scope UNCHANGED
Confidentiality Impact HIGH
Integrity Impact HIGH
Availability Impact HIGH

CVE Information

CVE IDs CVE-2025-1470, CVE-2025-1471
CWE
Bulletin Family software

Description

## Summary

IBM Java:Two OpenJ9 internal ASCII to EBCDIC string wrapper vulnurabilities on z/OS

## Vulnerability Details

**CVEID:**CVE-2025-1470
**DESCRIPTION:** In Eclipse OMR, from the initial contribution to version 0.4.0, some OMR internal port library and utilities consumers of z/OS atoe functions do not check their return values for NULL memory pointers or for memory allocation failures. This can lead to NULL pointer dereference crashes. Beginning in version 0.5.0, internal OMR consumers of atoe functions handle NULL return values and memory allocation failures correctly.
**CWE:**CWE-476: NULL Pointer Dereference
**CVSS Source:** NVD
**CVSS Base score:** 5.5
**CVSS Vector:**(CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2025-1471
**DESCRIPTION:** In Eclipse OMR versions 0.2.0 to 0.4.0, some of the z/OS atoe print functions use a constant length buffer for string conversion. If the input format string and arguments are larger than the buffer size then buffer overflow occurs. Beginning in version 0.5.0, the conversion buffers are sized correctly and checked appropriately to prevent buffer overflows.
**CWE:**CWE-787: Out-of-bounds Write
**CVSS Source:** NVD
**CVSS Base score:** 7.8
**CVSS Vector:**(CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

## Affected Products and Versions

Affected Product(s)| Version(s)
—|—
Content Collector for File Systems| 4.0.1
Content Collector for Email| 4.0.1
Content Collector for Microsoft SharePoint| 4.0.1

## Remediation/Fixes

**Product** | **VRM**| **Remediation**
—|—|—
Content Collector for Email| 4.0.1| Use Content Collector for Email 4.0.1.16 Interim Fix IF002
Content Collector for File Systems| 4.0.1| Use Content Collector for File Systems 4.0.1.16 Interim Fix IF002
Content Collector for Microsoft SharePoint| 4.0.1| Use Content Collector for Microsoft SharePoint 4.0.1.16 Interim Fix IF002

## Workarounds and Mitigations

None

##

Impact Assessment

Base Score 7.8
Severity HIGH

View full CVE details

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.