281 matches found
Security Bulletin: An Apache-Spark vulnerability affects IBM Operations Analytics Predictive Insights (PVR0342171 )
Summary An Apache-Spark vulnerability affects IBM Operations Analytics Predictive Insights PVR0342171. Apache-Spark is used by IBM Operations Analytics Predictive Insight in the data processing services. The vulnerabilities have been addressed. Vulnerability Details Refer to the security bulletin...
Security Bulletin: Apache Commons Text and Apache Commons Configuration vulnerabilities affects IBM Operations Analytics Predictive Insights [CVE-2022-42889, CVE-2022-33980]
Summary Apache Commons Text and Apache Commons Configuration vulnerabilities affects IBM Operations Analytics Predictive Insights CVE-2022-42889, CVE-2022-33980. Apache Commons Text and Apache Commons Configuration is used by IBM Operations Analytics Predictive Insight REST Mediation Service, par...
Security Bulletin: Information disclosure in FasterXML Jackson Dataformats affect IBM Operations Analytics - Log Analysis (CVE-2020-28491)
Summary FasterXML jackson-dataformat-cbor is susceptible to denial of service, caused by java.lang.OutOfMemoryError exception. Vulnerability Details CVEID:CVE-2020-28491 DESCRIPTION: FasterXML jackson-dataformats-binary is vulnerable to a denial of service, caused by an unchecked allocation of by...
Security Bulletin: Vulnerabilities in Apache Hadoop affect IBM Operations Analytics - Log Analysis (CVE-2022-26612, CVE-2022-25168)
Summary Multiple vulnerabilities in Apache Hadoop affect IBM Operations Analytics - Log Analysis. This has been fixed. The vulnerabilities are in Vulnerability Details section. Vulnerability Details CVEID:CVE-2022-26612 DESCRIPTION: Apache Hadoop for Windows could allow a remote attacker to bypas...
Security Bulletin: Potential vulnerability in Apache Calcite Avatica affects IBM Operations Analytics - Log Analysis (CVE-2022-36364)
Summary Prior to version 1.22.0 vulnerability in Apache Calcite Avatica allow a remote attacker to execute arbitrary code on the system. This has been fixed. Vulnerability Details CVEID:CVE-2022-36364 DESCRIPTION: Apache Calcite Avatica could allow a remote attacker to execute arbitrary code on t...
Security Bulletin: Multiple vulnerabilities in Data-Binding for Jackson shipped with IBM Operations Analytics - Log Analysis
Summary There are multiple vulnerabilities in various versions of Data-Binding functionality for Jackson that affect IBM Operations Analytics - Log Analysis. It has been fixed. The vulnerabilities are listed in the Vulnerability Details section below. Vulnerability Details CVEID:CVE-2020-25649...
Security Bulletin: Vulnerability in Apache Commons Text used by Apache Solr shipped with IBM Operations Analytics - Log Analysis (CVE-2022-42889)
Summary There is a potential vulnerability in Apache Commons Text that could allow remote attacker to execute arbitrary code. This has been fixed. Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache Commons Text could allow a remote attacker to execute arbitrary code on the system,...
Security Bulletin: IBM Operations Analytics - Log Analysis susceptible to vulnerability in Apache Tika (CVE-2022-25169)
Summary Apache Tika shipped with IBM Operations Analytics - Log Analysis is vulnerable to denial of service,. This has been fixed. Vulnerability Details CVEID:CVE-2022-25169 DESCRIPTION: Apache Tika is vulnerable to a denial of service, caused by improper input validation in the BPG parser. By...
Security Bulletin: Potential Vulnerability in Apache HttpClient used by Logstash shipped with IBM Operations Analytics - Log Analysis (CVE-2020-13956)
Summary There is a potential vulnerability in Apache HttpClient that could allow remote attacker to bypass security restrictions Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling...
Security Bulletin: Vulnerability in Bouncy Castle used by Logstash shipped with IBM Operations Analytics - Log Analysis (CVE-2017-13098)
Summary There is a potential vulnerability that could allow attacker obtain sensitive information in Bouncy Castle TLS used by Logstash Vulnerability Details CVEID:CVE-2017-13098 DESCRIPTION: Bouncy Castle could allow a remote attacker to obtain sensitive information, caused by an RSA Adaptive...
Security Bulletin: Vulnerabilities in SnakeYAML used by Logstash affects IBM Operations Analytics - Log Analysis (CVE-2022-25857, CVE-2017-18640)
Summary Multiple vulnerabilities in SnakeYAML affects IBM Operations Analytics - Log Analysis. It has been fixed. The vulnerabilities are in the Vulnerability Details section. Vulnerability Details CVEID:CVE-2022-25857 DESCRIPTION: Java package org.yaml:snakeyam is vulnerable to a denial of...
Security Bulletin: Vulnerability from Apache Kafka affect IBM Operations Analytics - Log Analysis (CVE-2018-17196)
Summary Apache Kafka is vulnerable to improper input validation that could allow remote attacker to bypass security restrictions. Vulnerability Details CVEID:CVE-2018-17196 DESCRIPTION: Apache Kafka could allow a remote authenticated attacker to bypass security restrictions, caused by improper...
Security Bulletin: Potential vulnerability in Apache Commons Configuration affect IBM Operations Analytics - Log Analysis (CVE-2022-33980)
Summary Vulnerability in Apache Commons Configuration could allow remote attacker to execute arbitrary code on the system. This has been fixed. Vulnerability Details CVEID:CVE-2022-33980 DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the syste...
Security Bulletin: Potential vulnerability in Eclipse Jetty affects IBM Operations Analytics - Log Analysis (CVE-2022-2047)
Summary The vulnerability in Eclipse Jetty allows bypass security restrictions. This has been addressed. Vulnerability Details CVEID:CVE-2022-2047 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the HttpURI class. By...
Security Bulletin: IBM Operations Analytics - Log Analysis vulnerable to multiple vulnerabilities in Apache Tika (CVE-2022-30126, CVE-2022-33879, CVE-2022-30973)
Summary Multiple vulnerabilities in Apache Tika affect IBM Operations Analytics - Log Analysis. This has been fixed. The vulnerabilities are in Vulnerability Details section. Vulnerability Details CVEID:CVE-2022-30973 DESCRIPTION: Apache Tika is vulnerable to a denial of service, caused by a...
Security Bulletin: IBM Operations Analytics Predictive Insights impacted by Apache Log4j vulnerabilities (CVE-2022-23305)
Summary IBM Operations Analytics Predictive Insights is affected by the Apache Log4j vulnerability through the JDBCAppender in Log4j 1.2.x which accepts a SQL statement as a configuration parameter. When JDBCAppender is specifically configured to use, malicious values could be inserted. This allo...
Security Bulletin: Vulnerabilities from log4j-core-2.16.0.jar affect IBM Operations Analytics - Log Analysis (CVE-2021-44832, CVE-2021-45105)
Summary log4j-core-2.16.0.jar is vulnerable to remote code execution RCE attack and uncontrolled recursion. This is shipped in Log Analysis. The fix includes Apache Log4j core 2.17.1 Vulnerability Details CVEID:CVE-2021-44832 DESCRIPTION: Apache Log4j could allow a remote attacker with permission...
Security Bulletin: Vulnerabilities from log4j affect IBM Operations Analytics - Log Analysis (CVE-2019-17571, CVE-2020-9488)
Summary log4j is vulnerable to improper validation of certificate and deserialization of untrusted data. These vulnerabilities are in Apache Zookeeper, Apache Solr and Log Analysis. Vulnerability Details CVEID:CVE-2019-17571 DESCRIPTION: Apache Log4j could allow a remote attacker to execute...
Security Bulletin: Vulnerability from Apache Kafka affect IBM Operations Analytics - Log Analysis (CVE-2021-38153)
Summary Apache Kafka is vulnerable to timing attacks that could allow remote attacker to obtain sensitive information Vulnerability Details CVEID:CVE-2021-38153 DESCRIPTION: Apache Kafka could allow a remote attacker to obtain sensitive information, caused by a timing attack flaw due to the use o...
Security Bulletin: Vulnerability from Google Protocol Buffer affect IBM Operations Analytics - Log Analysis (CVE-2021-22569)
Summary Google Protocol Buffer shipped with IBM Operations Analytics - Log Analysis is vulnerable to denial of service Vulnerability Details CVEID:CVE-2021-22569 DESCRIPTION: Google Protocol Buffer protobuf-java is vulnerable to a denial of service, caused by an issue with allow interleaving of...