Security Bulletin: Vulnerability in jersey affect Apache Zookeeper shipped with IBM Operations Analytics - Log Analysis (CVE-2014-3643)

2021-04-2006:19:28

www.ibm.com

0.002 Low

EPSS

Percentile

53.4%

JSON

Summary

There is a potential XXE vulnerability in jersey that affects Apache Zookeeper

Vulnerability Details

CVEID:CVE-2014-3643
**DESCRIPTION:**Jersey could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data by jersey SAX parser. By sending a specially-crafted XML data, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/174788 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
Log Analysis	1.3.1
Log Analysis	1.3.2

Log Analysis| 1.3.3

Log Analysis| 1.3.4

Log Analysis| 1.3.5

Log Analysis| 1.3.6

Remediation/Fixes

Principal Product and Version(s) :	Fix details
IBM Operations Analytics - Log Analysis version 1.3.x	Upgrade to Log Analysis version 1.3.7
Download the 1.3.7-TIV-IOALA-FP here

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm smartcloud analyticseq1.3.

CPE	Name	Operator	Version
	ibm smartcloud analytics	eq	1.3.

0.002 Low

EPSS

Percentile

53.4%

JSON

Related for D1F05C061D240AD8360B87EECAB950152D239C029B4B05C21B639EAD69EF0917