Lucene search

IBMA4F89E129D088C09044569C9E9A3916B181E6A272F8B4CFF310F5292BDECB651

HistoryNov 03, 2022 - 8:27 a.m.

Security Bulletin: Vulnerability from Eclipse Jetty affect IBM Operations Analytics - Log Analysis (CVE-2022-2048)

2022-11-0308:27:42

www.ibm.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

50.3%

JSON

Summary

Eclipse Jetty HTTP/2 server shipped with Log Analysis is vulnerable to denial of service

Vulnerability Details

CVEID:CVE-2022-2048
**DESCRIPTION:**Eclipse Jetty is vulnerable to a denial of service, caused by a flaw in the error handling of an invalid HTTP/2 request. By sending specially-crafted HTTP/2 requests, a remote attacker could exploit this vulnerability to cause the server to become unresponsive, and results in a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/230670 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
Log Analysis	1.3.7.0
Log Analysis	1.3.7.1
Log Analysis	1.3.7.2

Remediation/Fixes

Version	Fix details
IBM Operations Analytics - Log Analysis version 1.3.7.0, 1.3.7.1, 1.3.7.2	Upgrade to Log Analysis version 1.3.7.2 Interim Fix 1. Download the 1.3.7.2-TIV-IOALA-IF001. For Log Analysis prior to 1.3.7.2, upgrade to 1.3.7-TIV-IOALA-FP2 before installing this fix.

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm smartcloud analyticseq1.3.7.0
ibm smartcloud analyticseq1.3.7.1
ibm smartcloud analyticseq1.3.7.2

Name	Operator	Version
ibm smartcloud analytics	eq	1.3.7.0
ibm smartcloud analytics	eq	1.3.7.1
ibm smartcloud analytics	eq	1.3.7.2

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

50.3%

JSON

Related for A4F89E129D088C09044569C9E9A3916B181E6A272F8B4CFF310F5292BDECB651