{"id":2909,"date":"2025-05-05T06:32:51","date_gmt":"2025-05-05T06:32:51","guid":{"rendered":"http:\/\/localhost\/?p=2909"},"modified":"2025-05-05T06:32:51","modified_gmt":"2025-05-05T06:32:51","slug":"security-bulletin-multiple-vulnerabilities-affect-ibm-sdk-java-technology-edition-for-content-collec","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=2909","title":{"rendered":"Security Bulletin: Multiple vulnerabilities affect IBM\u00ae SDK, Java\u2122 Technology Edition for Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint"},"content":{"rendered":"
\n

Vulnerability Details<\/h2>\n
\n

Basic Information<\/h3>\n\n\n\n\n\n\n
Title<\/th>\nSecurity Bulletin: Multiple vulnerabilities affect IBM\u00ae SDK, Java\u2122 Technology Edition for Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint<\/td>\n<\/tr>\n
Type<\/th>\nibm<\/td>\n<\/tr>\n
Published<\/th>\n2025-05-05T09:24:10<\/td>\n<\/tr>\n
Last Seen<\/th>\n2025-05-05T10:56:45<\/td>\n<\/tr>\n
CVSS Score<\/th>\n7.8 (HIGH)<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

CVSS v3 Details<\/h3>\n\n\n\n\n\n\n\n\n\n
Attack Vector<\/th>\nLOCAL<\/td>\n<\/tr>\n
Attack Complexity<\/th>\nLOW<\/td>\n<\/tr>\n
Privileges Required<\/th>\nLOW<\/td>\n<\/tr>\n
User Interaction<\/th>\nNONE<\/td>\n<\/tr>\n
Scope<\/th>\nUNCHANGED<\/td>\n<\/tr>\n
Confidentiality Impact<\/th>\nHIGH<\/td>\n<\/tr>\n
Integrity Impact<\/th>\nHIGH<\/td>\n<\/tr>\n
Availability Impact<\/th>\nHIGH<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

CVE Information<\/h3>\n\n\n\n\n
CVE IDs<\/th>\nCVE-2025-1470, CVE-2025-1471<\/td>\n<\/tr>\n
CWE<\/th>\n<\/td>\n<\/tr>\n
Bulletin Family<\/th>\nsoftware<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

Description<\/h3>\n
\n ## Summary<\/p>\n

IBM Java:Two OpenJ9 internal ASCII to EBCDIC string wrapper vulnurabilities on z\/OS<\/p>\n

## Vulnerability Details<\/p>\n

**CVEID:**CVE-2025-1470
\n**DESCRIPTION:** In Eclipse OMR, from the initial contribution to version 0.4.0, some OMR internal port library and utilities consumers of z\/OS atoe functions do not check their return values for NULL memory pointers or for memory allocation failures. This can lead to NULL pointer dereference crashes. Beginning in version 0.5.0, internal OMR consumers of atoe functions handle NULL return values and memory allocation failures correctly.
\n**CWE:**CWE-476: NULL Pointer Dereference
\n**CVSS Source:** NVD
\n**CVSS Base score:** 5.5
\n**CVSS Vector:**(CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:H) <\/p>\n

**CVEID:**CVE-2025-1471
\n**DESCRIPTION:** In Eclipse OMR versions 0.2.0 to 0.4.0, some of the z\/OS atoe print functions use a constant length buffer for string conversion. If the input format string and arguments are larger than the buffer size then buffer overflow occurs. Beginning in version 0.5.0, the conversion buffers are sized correctly and checked appropriately to prevent buffer overflows.
\n**CWE:**CWE-787: Out-of-bounds Write
\n**CVSS Source:** NVD
\n**CVSS Base score:** 7.8
\n**CVSS Vector:**(CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H)<\/p>\n

## Affected Products and Versions<\/p>\n

Affected Product(s)| Version(s)
\n—|—
\nContent Collector for File Systems| 4.0.1
\nContent Collector for Email| 4.0.1
\nContent Collector for Microsoft SharePoint| 4.0.1 <\/p>\n

## Remediation\/Fixes<\/p>\n

**Product** | **VRM**| **Remediation**
\n—|—|—
\nContent Collector for Email| 4.0.1| Use Content Collector for Email 4.0.1.16 Interim Fix IF002
\nContent Collector for File Systems| 4.0.1| Use Content Collector for File Systems 4.0.1.16 Interim Fix IF002
\nContent Collector for Microsoft SharePoint| 4.0.1| Use Content Collector for Microsoft SharePoint 4.0.1.16 Interim Fix IF002 <\/p>\n

## Workarounds and Mitigations<\/p>\n

None<\/p>\n

##\n <\/p><\/div>\n<\/p><\/div>\n

\n

Impact Assessment<\/h3>\n\n\n\n
Base Score<\/th>\n7.8<\/td>\n<\/tr>\n
Severity<\/th>\nHIGH<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

View full CVE details<\/a><\/p>\n<\/p><\/div>\n<\/div>\n