Lucene search

IBMC1665B917241F885B0AE510D4A1EA41A2EA1420C9B7AB9EDE95D0610AEE78443

HistoryDec 01, 2023 - 3:47 p.m.

Security Bulletin: Vulnerabilities in Logstash affect IBM Operations Analytics - Log Analysis (CVE-2022-29181, CVE-2022-23476)

2023-12-0115:47:53

www.ibm.com

logstash

ibm operations analytics

log analysis

vulnerabilities

cve-2022-29181

cve-2022-23476

nokogiri

denial of service

xml

html4

cvss

remediation

log version 1.3.8

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

7.6 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.003 Low

EPSS

Percentile

68.4%

JSON

Summary

There are multple nokogiri vulnerabilities in Logstash that effect IBM Operations Analytics - Log Analysis. These have been addressed.

Vulnerability Details

CVEID:CVE-2022-29181
**DESCRIPTION:**Nokogiri is vulnerable to a denial of service, caused by improper handling of unexpected data types by the XML and HTML4 SAX parsers. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227134 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H)

CVEID:CVE-2022-23476
**DESCRIPTION:**Sparkle Motion Nokogiri is vulnerable to a denial of service, caused by a NULL pointer dereference flaw due to unchecked return value from xmlTextReaderExpand in the method Nokogiri::XML::Reader#attribute_hash. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241804 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
Log Analysis	1.3.5.3
Log Analysis	1.3.6.0
Log Analysis	1.3.6.1
Log Analysis	1.3.7.0
Log Analysis	1.3.7.1
Log Analysis	1.3.7.2

Remediation/Fixes

Principal Product and Version(s)	Fix details
IBM Operations Analytics - Log Analysis version 1.3.5.3, 1.3.6.0, 1.3.6.1, 1.3.7.0, 1.3.7.1 and 1.3.7.2	Use Log Analysis version 1.3.8. You can download the release from Passport Advantage. Part number:
M0GJREN IBM Operations Analytics Log Analysis v1.3.8 Linux 64 bit
M0GJSEN IBM Operations Analytics Log Analysis v1.3.8 zLinux 64 bit
M0GJTEN IBM Operations Analytics Log Analysis v1.3.8 Power8 ppc64le

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm operations analytics - log analysiseq1.3.5.3
ibm operations analytics - log analysiseq1.3.6.0
ibm operations analytics - log analysiseq1.3.6.1
ibm operations analytics - log analysiseq1.3.7.0
ibm operations analytics - log analysiseq1.3.7.1
ibm operations analytics - log analysiseq1.3.7.2

Name	Operator	Version
ibm operations analytics - log analysis	eq	1.3.5.3
ibm operations analytics - log analysis	eq	1.3.6.0
ibm operations analytics - log analysis	eq	1.3.6.1
ibm operations analytics - log analysis	eq	1.3.7.0
ibm operations analytics - log analysis	eq	1.3.7.1
ibm operations analytics - log analysis	eq	1.3.7.2