Lucene search
IBM8DF11DAC74B941E028406FBD4428FAFF29BBC9D3C30A7B862622BE5A58455B52HistoryApr 15, 2021 - 1:18 p.m.
Security Bulletin: Vulnerability in Apache PDFBox affect Apache Solr shipped IBM Operations Analytics - Log Analysis Analysis (CVE-2018-11797)
2021-04-1513:18:09
www.ibm.com
10
0.001 Low
EPSS
Percentile
47.3%
Summary
There is a potential Input Validation vulnerability in Apache PDFBox that affects Apache Solr.
Vulnerability Details
CVEID:CVE-2018-11797
**DESCRIPTION:**Apache PDFBox is vulnerable to a denial of service, caused by a flaw when parsing the page tree. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/150898 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| Log Analysis | 1.3.1 |
| Log Analysis | 1.3.2 |
| Log Analysis | 1.3.3 |
| Log Analysis | 1.3.4 |
| Log Analysis | 1.3.5 |
| Log Analysis | 1.3.6 |
Remediation/Fixes
| Principal Product and Version(s) : | Fix details |
|---|---|
| IBM Operations Analytics - Log Analysis version 1.3.x | Upgrade to Log Analysis version 1.3.7 |
| Download the 1.3.7-TIV-IOALA-FP here |
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm smartcloud analytics | eq | 1.3. |
Related
nessus
nessus
openSUSE Security Update : apache-pdfbox (openSUSE-2019-924)
2019-03-27 00:00:00
openSUSE Security Update : apache-pdfbox (openSUSE-2018-1422)
2018-11-19 00:00:00
Debian DLA-1547-1 : libpdfbox-java security update
2018-10-17 00:00:00
cve
cve
CVE-2018-11797
2018-10-05 20:29:00
openvas
openvas
Debian: Security Advisory (DLA-1547-1)
2018-10-16 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:3755-1)
2021-06-09 00:00:00
openSUSE: Security Advisory for apache-pdfbox (openSUSE-SU-2018:3798-1)
2018-11-17 00:00:00
ibm
ibm
Security Bulletin: IBM FileNet Content Manager and IBM Enterprise Content Management Text Search security vulnerability in Apache PDFBox
2019-02-14 19:50:01
github
github
debiancve
debiancve
CVE-2018-11797
2018-10-05 20:29:00
osv
osv
libpdfbox-java - security update
2018-10-16 00:00:00
redhatcve
redhatcve
CVE-2018-11797
2018-10-09 11:19:11
suse
suse
Security update for apache-pdfbox (moderate)
2018-11-17 00:11:34
Security update for apache-pdfbox (moderate)
2018-10-24 15:18:40
veracode
veracode
Denial Of Service (DoS)
2018-10-08 06:26:50
cvelist
cvelist
CVE-2018-11797
2018-10-05 00:00:00
prion
prion
Code injection
2018-10-05 20:29:00
nvd
nvd
CVE-2018-11797
2018-10-05 20:29:00
ubuntucve
ubuntucve
CVE-2018-11797
2018-10-05 00:00:00
debian
debian
[SECURITY] [DLA 1547-1] libpdfbox-java security update
2018-10-16 16:02:22
fedora
fedora
[SECURITY] Fedora 29 Update: pdfbox-2.0.16-1.fc29
2019-09-09 08:07:18
[SECURITY] Fedora 31 Update: pdfbox-2.0.16-1.fc31
2019-09-14 16:39:49
[SECURITY] Fedora 30 Update: pdfbox-2.0.16-1.fc30
2019-09-09 07:34:18
redhat
redhat
(RHSA-2020:3192) Important: Red Hat Fuse 7.7.0 release and security update
2020-07-28 15:50:16
oracle
oracle
Oracle Critical Patch Update Advisory - April 2020
2020-04-14 00:00:00
0.001 Low
EPSS
Percentile
47.3%
Related for 8DF11DAC74B941E028406FBD4428FAFF29BBC9D3C30A7B862622BE5A58455B52