Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM61401A5B67CA4796AA87501A9E782A490CAC7FAE8FDC4B1F678C5BC40EBFF727
HistoryApr 16, 2021 - 5:14 a.m.

Security Bulletin: Vulnerability with Apache Tika in Apache Solr affects IBM Operations Analytics - Log Analysis Analysis (CVE-2018-8017)

2021-04-1605:14:12
www.ibm.com
4

0.0005 Low

EPSS

Percentile

18.0%

JSON

Summary

There is a potential vulnerability in Apache Tika that affects Apache Solr

Vulnerability Details

CVEID:CVE-2018-8017
**DESCRIPTION:**Apache Tika is vulnerable to a denial of service, caused by an error in the IptcAnpaParser. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/150099 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
Log Analysis 1.3.1
Log Analysis 1.3.2
Log Analysis 1.3.3
Log Analysis 1.3.4
Log Analysis 1.3.5
Log Analysis 1.3.6

Remediation/Fixes

Principal Product and Version(s) : Fix details
IBM Operations Analytics - Log Analysis version 1.3.x

Upgrade to Log Analysis version 1.3.7
Download the 1.3.7-TIV-IOALA-FP here

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm smartcloud analyticseq1.3.

Related

osv 2
veracode 1
github 1
ubuntucve 1
redhatcve 1
debiancve 1
cve 1
openvas 1
prion 1
nvd 1
cvelist 1
ibm 3
osv
osv
Comparison errorr in org.apache.tika:tika-core
2018-10-17 15:50:31
CVE-2018-8017
2018-09-19 14:29:02
veracode
veracode
Denial Of Service (DoS)
2018-09-20 02:42:30
github
github
Comparison errorr in org.apache.tika:tika-core
2018-10-17 15:50:31
ubuntucve
ubuntucve
CVE-2018-8017
2018-09-19 00:00:00
redhatcve
redhatcve
CVE-2018-8017
2018-09-24 21:21:06
debiancve
debiancve
CVE-2018-8017
2018-09-19 14:29:02
cve
cve
CVE-2018-8017
2018-09-19 14:29:02
openvas
openvas
Apache Tika Server 'IptcAnpaParser' Denial of Service Vulnerability
2018-09-27 00:00:00
prion
prion
Code injection
2018-09-19 14:29:00
nvd
nvd
CVE-2018-8017
2018-09-19 14:29:02
cvelist
cvelist
CVE-2018-8017
2018-09-19 00:00:00
ibm
ibm
Security Bulletin: IBM QRadar Incident Forensics is vulnerable to publicly disclosed vulnerabilities from Apache Tika (CVE-2018-11761, CVE-2018-11762, CVE-2018-8017,  CVE-2018-11796)
2019-07-10 15:05:01
Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities
2022-01-11 21:02:17
Log Analysis Security Bulletin List
2021-09-01 11:04:11

0.0005 Low

EPSS

Percentile

18.0%

JSON
Related for 61401A5B67CA4796AA87501A9E782A490CAC7FAE8FDC4B1F678C5BC40EBFF727
osv2veracode1github1ubuntucve1redhatcve1debiancve1cve1openvas1prion1nvd1cvelist1ibm3