Security Bulletin: Apache Log4j vulnerability found in Network Performance Insight (CVE-2019-17571)

2020-08-04 17:29:45
www.ibm.com

EPSS: 0.806
Percentile: 98.4%

Summary

Apache Log4j vulnerability found in Network Performance Insight (CVE-2019-17571).

Vulnerability Details

**CVEID:** CVE-2019-17571
**DESCRIPTION:** Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization of untrusted data in SocketServer. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/173314 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
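
An inventory check to run alongside this bulletin, added here as an example and not part of IBM's bulletin or of NPI: it walks a directory tree and reports every jar, WAR or EAR, nested archives included, that ships the Log4j 1.x SocketServer class. The entry name `org/apache/log4j/net/SocketServer.class`, the function names and the sample archives are assumptions constructed for the example.

```python
import io
import tempfile
import zipfile
from pathlib import Path

# Assumed entry name of org.apache.log4j.net.SocketServer in a Log4j 1.x jar.
SOCKET_SERVER_ENTRY = "org/apache/log4j/net/SocketServer.class"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear")

def scan_archive(data, label, depth=0, max_depth=4):
    """Return labels of archives, nested ones included, that bundle SocketServer."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                if name.endswith(SOCKET_SERVER_ENTRY):
                    hits.append(label)
                elif name.lower().endswith(ARCHIVE_SUFFIXES) and depth < max_depth:
                    # WAR/EAR files and fat jars carry libraries as nested archives.
                    hits += scan_archive(zf.read(name), f"{label}!/{name}", depth + 1, max_depth)
    except zipfile.BadZipFile:
        pass  # not a readable archive, skip it
    return hits

def scan_tree(root):
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in ARCHIVE_SUFFIXES:
            hits += scan_archive(path.read_bytes(), str(path))
    return hits

def make_zip(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, payload in entries.items():
            zf.writestr(name, payload)
    return buf.getvalue()

def build_sample_tree(root):
    """Constructed sample: a jar with the class, a WAR nesting it, a clean jar."""
    log4j = make_zip({SOCKET_SERVER_ENTRY: b"stub"})
    Path(root, "lib").mkdir()
    Path(root, "lib", "log4j-sample.jar").write_bytes(log4j)
    Path(root, "lib", "clean.jar").write_bytes(make_zip({"com/example/App.class": b"stub"}))
    Path(root, "app.war").write_bytes(make_zip({"WEB-INF/lib/log4j-sample.jar": log4j}))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print("\n".join(scan_tree(tmp)))
```

A hit means the class is shipped in that archive, not that a SocketServer listener is running; treat it as a pointer to where the interim fix needs to be confirmed.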

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM Network Performance Insight | 1.3 |
| IBM Network Performance Insight | 1.3.1 |

Remediation/Fixes

The fix for this vulnerability is available as the following interim fixes:

  1. NPI 1.3.1
    Interim Fix Name: 1.3.1.0-TIV-NPI-IF0003
    Direct Interim Fix URL: http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FNetwork+Performance+Insight&fixids=1.3.1.0-TIV-NPI-IF0003

  2. NPI 1.3.0
    Interim Fix Name: 1.3.0.0-TIV-NPI-IF0007
    Direct Interim Fix URL: http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FNetwork+Performance+Insight&fixids=1.3.0.0-TIV-NPI-IF0007&source=SAR

Workarounds and Mitigations

None