Security Bulletin: A vulnerability in Apache Solr (lucene) affects IBM Operations Analytics - Log Analysis (CVE-2019-4243)

2019-12-2008:47:33

www.ibm.com

0.0004 Low

EPSS

Percentile

12.6%

JSON

Summary

A vulnerability on unrestricted access was addressed by IBM Operations Analytics - Log Analysis.

Vulnerability Details

CVEID:CVE-2019-4243
DESCRIPTION:
CVSS Base score: 5.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/159517 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
Log Analysis	1.3.1
Log Analysis	1.3.2
Log Analysis	1.3.3
Log Analysis	1.3.4
Log Analysis	1.3.5

Remediation/Fixes

Principal Product and Version(s)	Fix details
IBM Operations Analytics - Log Analysis version 1.3.1, 1.3.2, 1.3.3, 1.3.3.1 and 1.3.5	Upgrade from current Log Analysis version to Log Analysis 1.3.6

You can download the respective platform from Passport Advantage using part number

Part No Part Name

CC3VNEN : IBM Operations Analytics Log Analysis Managed - Device based v1.3.6 Linux 64 bit ALL editions English
CC3VPEN : IBM Operations Analytics Log Analysis Managed - Device based v1.3.6 zLinux 64 bit ALL editions English
CC3VQEN : IBM Operations Analytics Log Analysis Managed - Device based v1.3.6 Power8 ppc64le ALL editions English

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm smartcloud analyticseq1.3.1
ibm smartcloud analyticseq1.3.2
ibm smartcloud analyticseq1.3.3
ibm smartcloud analyticseq1.3.4
ibm smartcloud analyticseq1.3.5

Name	Operator	Version
ibm smartcloud analytics	eq	1.3.1
ibm smartcloud analytics	eq	1.3.2
ibm smartcloud analytics	eq	1.3.3
ibm smartcloud analytics	eq	1.3.4
ibm smartcloud analytics	eq	1.3.5

0.0004 Low

EPSS

Percentile

12.6%

JSON

Related for 9A15391E130C769CA1A49E64F8379345A4D4DD74C4B7E63037E312E2C050E4FF