Security Bulletin: IBM Operations Analytics - Log Analysis is affected by an Apache Zookeeper vulnerability (CVE-2019-4244)

2019-12-2008:47:33

www.ibm.com

0.005 Low

EPSS

Percentile

75.5%

JSON

Summary

IBM Operations Analytics - Log Analysis has addressed the following vulnerability in Apache ZooKeeper. CVE(s): CVE-2019-4244

Vulnerability Details

CVEID:CVE-2019-4244
DESCRIPTION:
CVSS Base score: 9.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/159518 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
Log Analysis	1.3.1
Log Analysis	1.3.2
Log Analysis	1.3.3
Log Analysis	1.3.4
Log Analysis	1.3.5

Remediation/Fixes

Principal Product and Version(s)	Fix details
IBM Operations Analytics - Log Analysis version 1.3.1, 1.3.2, 1.3.3, 1.3.3.1 and 1.3.5	Upgrade from current Log Analysis version to Log Analysis 1.3.6

You can download the respective platform from Passport Advantage using part number

Part No Part Name
CC3VNEN : IBM Operations Analytics Log Analysis Managed - Device based v1.3.6 Linux 64 bit ALL editions English
CC3VPEN : IBM Operations Analytics Log Analysis Managed - Device based v1.3.6 zLinux 64 bit ALL editions English
CC3VQEN : IBM Operations Analytics Log Analysis Managed - Device based v1.3.6 Power8 ppc64le ALL editions English

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm smartcloud analyticseq1.3.1
ibm smartcloud analyticseq1.3.2
ibm smartcloud analyticseq1.3.3
ibm smartcloud analyticseq1.3.4
ibm smartcloud analyticseq1.3.5

Name	Operator	Version
ibm smartcloud analytics	eq	1.3.1
ibm smartcloud analytics	eq	1.3.2
ibm smartcloud analytics	eq	1.3.3
ibm smartcloud analytics	eq	1.3.4
ibm smartcloud analytics	eq	1.3.5

0.005 Low

EPSS

Percentile

75.5%

JSON

Related for 1095994BB4F5D2D3F48C5CD31AE8ABD6A6B5F81EFA055C738E9BC18F445D23DB