IBM06E56CC290997E95D6F591C08155856A86DA56A71433CB342733A7850323452ESecurity Bulletin: Vulnerability in Apache Cassandra affects IBM Operations Analytics Predictive Insights (CVE-2018-8016)
0.004 Low
EPSS
Percentile
75.0%
Summary
Apache Cassandra is used by IBM Operations Analytics Predictive Insights. IBM Operations Analytics Predictive Insights has addressed the applicable CVE.
Note that the usage of Apache Cassandra within IBM Operations Analytics Predictive Insights is limited to the REST Mediation utility. If you do not use that utility then you are not affected by this bulletin.
Vulnerability Details
CVEID: CVE-2018-8016 Description: Apache Cassandra could allow a remote attacker to execute arbitrary code on the system, caused by the binding of an unauthenticated JMX/RMI interface to all network interfaces. An attacker could exploit this vulnerability using an RMI request to execute arbitrary code on the system with the privileges of the victim.
CVSS Base Score: 7.3
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/145402> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Affected Products and Versions
IBM Operations Analytics Predictive Insights v1.3.6
Remediation/Fixes
| Product | VRMF | APAR | Remediation / First Fix |
|---|---|---|---|
| IBM Operations Analytics Predictive Insights | 1.3.6.1 | see readme | RHEL 7: https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Operations%20Analytics&product=ibm/Tivoli/IBM+SmartCloud+Analytics±+Predictive+Insights&release=All&platform=All&function=fixId&fixids=1.3.6-TIV-PredictiveInsights-el7-x86_64-InterimFix001 |
The readme in the downloaded artifact includes instructions about how to update the Cassandra version.
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm operations analytics - predictive insights | eq | 1.3.6 |
Related
0.004 Low
EPSS
Percentile
75.0%