Lucene search

K
ibmIBM06E56CC290997E95D6F591C08155856A86DA56A71433CB342733A7850323452E
HistoryNov 05, 2018 - 5:10 a.m.

Security Bulletin: Vulnerability in Apache Cassandra affects IBM Operations Analytics Predictive Insights (CVE-2018-8016)

2018-11-0505:10:01
www.ibm.com
11

0.004 Low

EPSS

Percentile

75.0%

Summary

Apache Cassandra is used by IBM Operations Analytics Predictive Insights. IBM Operations Analytics Predictive Insights has addressed the applicable CVE.
Note that the usage of Apache Cassandra within IBM Operations Analytics Predictive Insights is limited to the REST Mediation utility. If you do not use that utility then you are not affected by this bulletin.

Vulnerability Details

CVEID: CVE-2018-8016 Description: Apache Cassandra could allow a remote attacker to execute arbitrary code on the system, caused by the binding of an unauthenticated JMX/RMI interface to all network interfaces. An attacker could exploit this vulnerability using an RMI request to execute arbitrary code on the system with the privileges of the victim.
CVSS Base Score: 7.3
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/145402&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

IBM Operations Analytics Predictive Insights v1.3.6

Remediation/Fixes

Product VRMF APAR Remediation / First Fix
IBM Operations Analytics Predictive Insights 1.3.6.1 see readme RHEL 7: https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Operations%20Analytics&product=ibm/Tivoli/IBM+SmartCloud+Analytics±+Predictive+Insights&release=All&platform=All&function=fixId&fixids=1.3.6-TIV-PredictiveInsights-el7-x86_64-InterimFix001

RHEL 6: https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Operations%20Analytics&product=ibm/Tivoli/IBM+SmartCloud+Analytics±+Predictive+Insights&release=All&platform=All&function=fixId&fixids=1.3.6-TIV-PredictiveInsights-el6-x86_64-InterimFix001

The readme in the downloaded artifact includes instructions about how to update the Cassandra version.

Workarounds and Mitigations

None

0.004 Low

EPSS

Percentile

75.0%

Related for 06E56CC290997E95D6F591C08155856A86DA56A71433CB342733A7850323452E