IBME298AFAE6C10545EEFE2EDCB1E58ACEB81769C82FC173BB89206A046496B5501Log Analysis Security Bulletin List
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
Question
Is there a list of security bulletins that describe resolved vulnerabilities affecting Log Analysis?
Answer
Log Analysis is made up of several components. The following table contains security bulletins that address the vulnerability of various
components in Log Analysis, listed by release.
1.3.7 | CVE-2018-1000613
CVE-2016-1000342
CVE-2016-1000344
CVE-2016-1000345
CVE-2016-1000339
CVE-2016-1000346
CVE-2016-1000338
CVE-2016-1000343
CVE-2016-1000340
CVE-2016-1000352
CVE-2015-6644
CVE-2016-1000341
CVE-2018-1000180 | Apache Solr |
1.3.7 | CVE-2018-14718
CVE-2018-14719
CVE-2018-19362
CVE-2018-14721
CVE-2018-11307
CVE-2019-16335
CVE-2018-19361
CVE-2018-14720
CVE-2018-19360
CVE-2019-14540
CVE-2019-14379
CVE-2018-12023
CVE-2019-14439
CVE-2019-12814
CVE-2018-12022
CVE-2018-5968
CVE-2019-12384
CVE-2019-12086 | Apache Solr |
1.3.7 | Internal Vulnerability | Apache Solr | Vulnerabilities from Apache Commons Fileupload: Apache Solr (Lucene)
The class FileUploadBase in Apache Commons Fileupload before 1.4 has potential resource leak - InputStream not closed on exception.
1.3.7 | Internal Vulnerability | Apache Solr,
Log Analysis | Apache Solr (Lucene) and Unity are vulnerable to Apache commons-codec
1.3.7 | CVE-2013-4002
CVE-2012-0881
CVE-2009-2625 | Apache Solr | Security Bulletin: Apache Solr, shipped with IBM Operations Analytics - Log Analysis, susceptible to multiple vulnerabilities in Apache Xerces2
1.3.7 | CVE-2018-10237 | Apache Solr | Security Bulletin: A vulnerability in Apache Solr affects IBM Operations Analytics - Log Analysis Analysis (CVE-2018-10237)
1.3.7 | CVE-2018-1000632 | Apache Solr | Security Bulletin: dom4j Vulnerability in Apache Solr shipped with IBM Operations Analytics - Log Analysis Analysis (CVE-2018-1000632)
1.3.7 | CVE-2018-11761
CVE-2018-17197
CVE-2019-10088
CVE-2019-10094
CVE-2018-11796 | Apache Solr | Security Bulletin: Multiple vulnerabilities in Apache Tika affects Apache Solr shipped with IBM Operations Analytics - Log Analysis
1.3.7 | CVE-2018-8017 | Apache Solr | Security Bulletin: Vulnerability with Apache Tika in Apache Solr affects IBM Operations Analytics - Log Analysis Analysis (CVE-2018-8017)
1.3.7 | CVE-2018-11797 | Apache Solr | Security Bulletin: Vulnerability in Apache PDFBox affect Apache Solr shipped IBM Operations Analytics - Log Analysis Analysis (CVE-2018-11797)
1.3.7 | CVE-2018-8036 | Apache Solr | Security Bulletin: Vulnerability in Apache PDFBox affects Apache Solr shipped with IBM Operations Analytics - Log Analysis (CVE-2018-8036)
1.3.6 FP001 | Internal Vulnerability | Log Analysis | Security Bulletin: Content Spoofing vulnerability in IBM Operations Analytics - Log Analysis
1.3.6 FP001 | Internal Vulnerability | Log Analysis | Security Bulletin: Insecure Path Attribute in IBM Operations Analytics - Log Analysis (CSRFToken , LtpaToken2)
1.3.6 FP001 | Internal Vulnerability | Log Analysis | Security Bulletin: Cross site Scripting (Reflected) vulnerability in IBM Operations Analytics - Log Analysis
1.3.6 FP001 | Internal Vulnerability | Log Analysis | Security Bulletin: Host Header Injection vulnerability in IBM Operations Analytics - Log Analysis (pre-login scenario)
1.3.6 FP001 | CVE-2017-3164 | Apache Solr | Security Bulletin: Potential vulnerability (SSRF) in Apache Solr affect IBM Operations Analytics - Log Analysis (CVE-2017-3164)
1.3.6 IF001 | Internal Vulnerability | Log Analysis | Security Bulletin: Query Parameter in SSL vulnerability in IBM Operations Analytics - Log Analysis
1.3.6 | CVE-2019-4216 | WebSphere Application Server Liberty | Security Bulletin: IBM Operations Analytics - Log Analysis is vulnerable to potential Host Header Injection (CVE-2019-4216)
1.3.6 | CVE-2019-4243 | Apache Solr | Security Bulletin: A vulnerability in Apache Solr (Lucene) affects IBM Operations Analytics - Log Analysis (CVE-2019-4243)
1.3.6 | CVE-2019-4215 | WebSphere Application Server Liberty | Security Bulletin: Clickjacking vulnerability in IBM Operations Analytics - Log Analysis (CVE-2019-4215)
1.3.6 | CVE-2019-4214 | WebSphere Application Server Liberty | Security Bulletin: Log Analysis is vulnerable to a client side scripting attack due to missing HTTPOnly and Secure attribute in the cookie
1.3.6 | CVE-2019-4244 | Apache Zookeeper | Security Bulletin: IBM Operations Analytics - Log Analysis is affected by an Apache Zookeeper vulnerability (CVE-2019-4244)
1.3.6 | Internal Vulnerability | Log Analysis | Security Bulletin: Log Analysis is vulnerable to Injection Attacks
1.3.6 | CVE-2020-13957 | Apache Solr | Security Bulletin: Vulnerability related to unauthenticated uploads in Apache Solr affect IBM Operations Analytics - Log Analysis (CVE-2020-13957)
1.3.5 FP003 | CVE-2019-0192 | Apache Solr | Security Bulletin: Potential vulnerability related to Unsafe Deserialization in Apache Solr shipped with IBM Operations Analytics - Log Analysis (CVE-2019-0192)
This table contains a list of vulnerabilities that were resolved by the respective version of the component.
| Affected Log Analysis Version | CVE No. | Component | Vulnerability Description |
|---|---|---|---|
| 1.3.5FP3 1.3.6 1.3.6FP1 | CVE-2020-4590 | WebSphere Application Server Liberty | Security Bulletin: Vulnerability in WebSphere Application Server Liberty affect IBM Operations Analytics - Log Analysis (CVE-2020-4590) |
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
| CVE-2019-4046 | WebSphere Application Server Liberty | Security Bulletin: Potential denial of service vulnerability in WebSphere Application Server affect IBM Operations Analytics - Log Analysis (CVE-2019-4046)
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5FP1
1.3.5FP2
| CVE-2018-10237 | WebSphere Application Server Liberty | Security Bulletin: Potential denial of service in WebSphere Application Server shipped with IBM Operations Analytics - Log Analysis (CVE-2018-10237)
1.3.5 | CVE-2017-12624 | WebSphere Application Server Liberty | Security Bulletin: Denial of Service in Apache CXF used by WebSphere Application Server affect IBM Operations Analytics - Log Analysis (CVE-2017-12624)
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
| CVE-2018-1447
CVE-2018-1388
CVE-2016-0702
CVE-2016-0705
CVE-2017-3732
CVE-2017-3736
CVE-2018-1428
CVE-2018-1427
CVE-2018-1426 | IBM Tivoli
Monitoring | Security Bulletin: Multiple vulnerabilities affect the GSKit component of IBM Tivoli Monitoring shipped with IBM Operations Analytics - Log Analysis
1.3.5 | CVE-2018-1683 | WebSphere Application Server Liberty | Security Bulletin: Information disclosure in WebSphere Application Server Liberty bundled with IBM Operations Analytics - Log Analysis (CVE-2018-1683)
1.3.5 | CVE-2018-8039 | WebSphere Application Server Liberty | Security Bulletin: Potential MITM attack in Apache CXF used by WebSphere Application Server affects IBM Operations Analytics - Log Analysis (CVE-2018-8039)
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
| CVE-2018-1901 | WebSphere Application Server Liberty | Security Bulletin: Potential Privilege Escalation Vulnerability in WebSphere Application Server shipped with IBM Operations Analytics - Log Analysis (CVE-2018-1901)
1.3.5 | CVE-2018-1553 | WebSphere Application Server Liberty | Security Bulletin: Information disclosure in WebSphere Application Server Liberty affect IBM Operations Analytics - Log Analysis (CVE-2018-1553)
1.3.4
1.3.5
| CVE-2014-7810 | WebSphere Application Server Liberty | Security Bulletin: Vulnerability in Expression Language library used by WebSphere Application Server shipped with IBM Operations Analytics - Log Analysis (CVE-2014-7810)
1.3.5 | CVE-2018-1851 | WebSphere Application Server Liberty | Security Bulletin: Code execution vulnerability with OpenID connect in WebSphere Application Server Liberty affects IBM Operations Analytics - Log Analysis (CVE-2018-1851)
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
| CVE-2018-1755 | WebSphere Application Server Liberty | Security Bulletin: Information disclosure in WebSphere Application Server Liberty affect IBM Operations Analytics - Log Analysis (CVE-2018-1755)
[{“Type”:“MASTER”,“Line of Business”:{“code”:“LOB45”,“label”:“Automation”},“Business Unit”:{“code”:“BU053”,“label”:“Cloud & Data Platform”},“Product”:{“code”:“SSPFMY”,“label”:“IBM Operations Analytics - Log Analysis”},“ARM Category”:[{“code”:“a8m50000000L0qYAAS”,“label”:“Log Analysis”},{“code”:“a8m50000000CcMiAAK”,“label”:“Log Analysis->Framework->Security - Vulnerabilities”}],“ARM Case Number”:“”,“Platform”:[{“code”:“PF025”,“label”:“Platform Independent”}],“Version”:“All Versions”}]
Related
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C