Apr 16, 2021 - 6:03 a.m.

Security Bulletin: dom4j Vulnerability in Apache Solr shipped with IBM Operations Analytics - Log Analysis (CVE-2018-1000632)

www.ibm.com

EPSS: 0.003 (Percentile: 70.9%)

Summary

There is an XML Injection vulnerability in dom4j that affects Apache Solr.

Vulnerability Details

CVEID: CVE-2018-1000632
DESCRIPTION: dom4j could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation in multiple methods. By sending specially crafted XML content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/148750 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

Affected Product(s)    Version(s)
Log Analysis           1.3.1
Log Analysis           1.3.2
Log Analysis           1.3.3
Log Analysis           1.3.4
Log Analysis           1.3.5
Log Analysis           1.3.6

Remediation/Fixes

Principal Product and Version(s): IBM Operations Analytics - Log Analysis version 1.3.x
Fix details: Upgrade to Log Analysis version 1.3.7. Download the 1.3.7-TIV-IOALA-FP here

Workarounds and Mitigations

None