Lucene search

K
ibmIBMCC1037BD0D9F0BF18455D3D0CD4FC06D384EB60816EBDE2EEE853DDB99544F8D
HistoryNov 21, 2022 - 11:57 a.m.

Security Bulletin: IBM Operations Analytics - Log Analysis susceptible to vulnerability in Apache Tika (CVE-2022-25169)

2022-11-2111:57:04
www.ibm.com
9

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

20.7%

Summary

Apache Tika shipped with IBM Operations Analytics - Log Analysis is vulnerable to denial of service,. This has been fixed.

Vulnerability Details

CVEID:CVE-2022-25169
**DESCRIPTION:**Apache Tika is vulnerable to a denial of service, caused by improper input validation in the BPG parser. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/226627 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
Log Analysis 1.3.7.2

Remediation/Fixes

Version Fix details
IBM Operations Analytics - Log Analysis version 1.3.7.2 Upgrade to Log Analysis version 1.3.7.2 Interim Fix 1. Download the 1.3.7.2-TIV-IOALA-IF001.

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm smartcloud analyticseq1.3.7.2

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

20.7%

Related for CC1037BD0D9F0BF18455D3D0CD4FC06D384EB60816EBDE2EEE853DDB99544F8D