Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM3E2FA899FF352F675B7A07A84DDD3788FDCECA8FF1D243E4CE9426F0EFFC3291
HistoryApr 22, 2021 - 5:45 a.m.

Security Bulletin: Vulnerability in Apache Solr affects IBM Operations Analytics - Log Analysis (CVE-2017-1000190)

2021-04-2205:45:13
www.ibm.com
7
apache solr
ibm operations analytics
log analysis
xxe vulnerability
cve-2017-1000190
ssrf
information disclosure
dos attacks
xml external entity injection
log analysis versions 1.3.1 to 1.3.6
upgrade
fix
download

EPSS

0.004

Percentile

73.3%

JSON

Summary

There is a potential XXE vulnerability in Apache Solr… This has been addressed.

Vulnerability Details

CVEID:CVE-2017-1000190
**DESCRIPTION:**SimpleXML is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to perform SSRF, information disclosure or DoS attacks.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/135088 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
Log Analysis 1.3.1
Log Analysis 1.3.2

Log Analysis| 1.3.3

Log Analysis| 1.3.4

Log Analysis| 1.3.5

Log Analysis| 1.3.6

Remediation/Fixes

Principal Product and Version(s) : Fix details
IBM Operations Analytics - Log Analysis version 1.3.x Upgrade to Log Analysis version 1.3.7
Download the 1.3.7-TIV-IOALA-FP here

Workarounds and Mitigations

None

Related

nvd 1
prion 1
veracode 1
ubuntucve 1
osv 2
cvelist 1
debiancve 1
f5 1
github 1
cve 1
ibm 1
nvd
nvd
CVE-2017-1000190
2017-11-17 21:29:00
prion
prion
Design/Logic Flaw
2017-11-17 21:29:00
veracode
veracode
XML External Entity (XXE)
2017-11-20 02:25:22
ubuntucve
ubuntucve
CVE-2017-1000190
2017-11-17 00:00:00
osv
osv
SimpleXML vulnerable to XML External Entity (XXE)
2022-05-14 00:55:56
CVE-2017-1000190
2017-11-17 21:29:00
cvelist
cvelist
CVE-2017-1000190
2017-11-17 21:00:00
debiancve
debiancve
CVE-2017-1000190
2017-11-17 21:29:00
f5
f5
K02511873 : SimpleXML vulnerability CVE-2017-1000190
2018-01-04 00:00:00
github
github
SimpleXML vulnerable to XML External Entity (XXE)
2022-05-14 00:55:56
cve
cve
CVE-2017-1000190
2017-11-17 21:29:00
ibm
ibm
Log Analysis Security Bulletin List
2021-09-01 11:04:11

EPSS

0.004

Percentile

73.3%

JSON
Related for 3E2FA899FF352F675B7A07A84DDD3788FDCECA8FF1D243E4CE9426F0EFFC3291
nvd1prion1veracode1ubuntucve1osv2cvelist1debiancve1f51github1cve1ibm1