Oct 04, 2021 - 6:58 a.m.

Security Bulletin: Vulnerability in MetadataExtractor used by Apache Solr affects IBM Operations Analytics - Log Analysis (CVE-2019-14262)

2021-10-04 06:58:44
www.ibm.com

EPSS: 0.001 (Low), Percentile: 45.6%

Summary

The vulnerability in MetadataExtractor 2.1.0 allows stack consumption. This has been addressed.

Vulnerability Details

**CVEID:** CVE-2019-14262
**DESCRIPTION:** MetadataExtractor is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165392 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| Log Analysis | 1.3.1 |
| Log Analysis | 1.3.2 |
| Log Analysis | 1.3.3 |
| Log Analysis | 1.3.4 |
| Log Analysis | 1.3.5 |
| Log Analysis | 1.3.6 |
| Log Analysis | 1.3.7 |

Remediation/Fixes

| Principal Product and Version(s) | Fix details |
| --- | --- |
| IBM Operations Analytics - Log Analysis version 1.3.x | Upgrade to Log Analysis version 1.3.7 Fix Pack 1. Download the 1.3.7-TIV-IOALA-FP1 |

Workarounds and Mitigations

None
