
356 matches found

IBM Security Bulletins
added 2022/11/17 8:35 a.m. | 146 views

Security Bulletin: Vulnerabilities from log4j-core-2.16.0.jar affect IBM Operations Analytics - Log Analysis (CVE-2021-44832, CVE-2021-45105)

Summary log4j-core-2.16.0.jar is vulnerable to remote code execution RCE attack and uncontrolled recursion. This is shipped in Log Analysis. The fix includes Apache Log4j core 2.17.1 Vulnerability Details CVEID:CVE-2021-44832 DESCRIPTION: Apache Log4j could allow a remote attacker with permission...

CVSS 6.6 | AI score 8.6 | EPSS 0.99999
Exploits: 22 | Affected Software: 1

IBM Security Bulletins
added 2022/11/17 7:52 a.m. | 260 views

Security Bulletin: Vulnerabilities from log4j affect IBM Operations Analytics - Log Analysis (CVE-2019-17571, CVE-2020-9488)

Summary log4j is vulnerable to improper validation of certificate and deserialization of untrusted data. These vulnerabilities are in Apache Zookeeper, Apache Solr and Log Analysis. Vulnerability Details CVEID:CVE-2019-17571 DESCRIPTION: Apache Log4j could allow a remote attacker to execute...

CVSS 9.8 | AI score 8.5 | EPSS 0.6906
Exploits: 3 | Affected Software: 1

IBM Security Bulletins
added 2022/11/14 4:37 a.m. | 40 views

Security Bulletin: Vulnerability from Apache Kafka affect IBM Operations Analytics - Log Analysis (CVE-2021-38153)

Summary Apache Kafka is vulnerable to timing attacks that could allow remote attacker to obtain sensitive information Vulnerability Details CVEID:CVE-2021-38153 DESCRIPTION: Apache Kafka could allow a remote attacker to obtain sensitive information, caused by a timing attack flaw due to the use o...

CVSS 5.9 | AI score 6.4 | EPSS 0.05773
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2022/11/07 11:28 a.m. | 45 views

Security Bulletin: Vulnerability from Google Protocol Buffer affect IBM Operations Analytics - Log Analysis (CVE-2021-22569)

Summary Google Protocol Buffer shipped with IBM Operations Analytics - Log Analysis is vulnerable to denial of service Vulnerability Details CVEID:CVE-2021-22569 DESCRIPTION: Google Protocol Buffer protobuf-java is vulnerable to a denial of service, caused by an issue with allow interleaving of...

CVSS 7.5 | AI score 6.1 | EPSS 0.01655
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2022/11/07 11:12 a.m. | 30 views

Security Bulletin: Potential vulnerability in Dojo affect IBM Operations Analytics - Log Analysis (CVE-2018-15494)

Summary Vulnerability in dojo allow remote attacker to access any cookies, session tokens, or other sensitive information through cross-site scripting Vulnerability Details CVEID:CVE-2018-15494 DESCRIPTION: Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of...

CVSS 9.8 | AI score 7.6 | EPSS 0.02611
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2022/11/03 8:52 a.m. | 36 views

Security Bulletin: Vulnerability from Apache Xerces2 affect IBM Operations Analytics - Log Analysis (CVE-2022-23437)

Summary Apache Xerces2 Java XML Parser shipped with Log Analysis is vulnerable to denial of service Vulnerability Details CVEID:CVE-2022-23437 DESCRIPTION: Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the XML parser. By persuading a victim to...

CVSS 6.5 | AI score 6.4 | EPSS 0.0444
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2022/11/03 8:43 a.m. | 47 views

Security Bulletin: Vulnerability in Netty shipped with IBM Operations Analytics - Log Analysis (CVE-2019-20444)

Summary Netty prior to version 4.1.44 is vulnerable to HTTP request smuggling. Vulnerability Details CVEID:CVE-2019-20444 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw in the HttpObjectDecoder.java. By sending a specially-crafted request, an attacker could exploit...

CVSS 9.1 | AI score 8.9 | EPSS 0.08678
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2022/11/03 8:27 a.m. | 35 views

Security Bulletin: Vulnerability from Eclipse Jetty affect IBM Operations Analytics - Log Analysis (CVE-2022-2048)

Summary Eclipse Jetty HTTP/2 server shipped with Log Analysis is vulnerable to denial of service Vulnerability Details CVEID:CVE-2022-2048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a flaw in the error handling of an invalid HTTP/2 request. By sending...

CVSS 7.5 | AI score 7.2 | EPSS 0.01818
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2022/11/03 8:16 a.m. | 50 views

Security Bulletin: IBM Operations Analytics - Log Analysis susceptible to multiple vulnerabilities in Apache Tika (CVE-2020-9489, CVE-2022-25169, CVE-2021-28657)

Summary Multiple vulnerabilities in Apache Tika affect IBM Operations Analytics - Log Analysis. This has been fixed. The vulnerabilities are in Vulnerability Details section. Vulnerability Details CVEID:CVE-2020-9489 DESCRIPTION: Apache Tika is vulnerable to a denial of service, caused by an out ...

CVSS 5.5 | AI score 5.9 | EPSS 0.02752
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2022/11/03 6:30 a.m. | 36 views

Security Bulletin: Vulnerability in Guava API affect IBM Operations Analytics - Log Analysis (CVE-2020-8908)

Summary Guava: Google Core Libraries API allows attacker with access to the machine to bypass security restrictions Vulnerability Details CVEID:CVE-2020-8908 DESCRIPTION: Guava could allow a remote authenticated attacker to bypass security restrictions, caused by a temp directory creation...

CVSS 3.3 | AI score 5.7 | EPSS 0.00964
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2022/11/02 4:51 p.m. | 73 views

Security Bulletin: Potential vulnerability in Apache Commons IO affect IBM Operations Analytics - Log Analysis (CVE-2021-29425)

Summary Prior to version 2.7 vulnerability in Apache Commons IO allow remote attacker to traverse directories on the system to view arbitrary files Vulnerability Details CVEID:CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to traverse directories on the system, caused...

CVSS 4.8 | AI score 6.4 | EPSS 0.10608
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2022/11/02 4:45 p.m. | 42 views

Security Bulletin: Vulnerability in Apache Derby affect IBM Operations Analytics - Log Analysis (CVE-2018-1313)

Summary Apache Derby 10.3.1.4 to 10.14.1.0 could allow a remote attacker to bypass security restrictions Vulnerability Details CVEID:CVE-2018-1313 DESCRIPTION: Apache Derby could allow a remote attacker to bypass security restrictions, caused by improper validation of network packets received. By...

CVSS 5.3 | AI score 6.6 | EPSS 0.04504
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2022/11/02 4:30 p.m. | 22 views

Security Bulletin: Vulnerability in Apache Commons Codec 1.7 shipped with IBM Operations Analytics - Log Analysis

Summary Vulnerability in Apache Commons Codec 1.7 could allow a remote attacker to obtain sensitive information. Vulnerability Details IBM X-Force ID: 177835 DESCRIPTION: Apache Commons Codec could allow a remote attacker to obtain sensitive information, caused by the improper validation of input...

AI score 6.7
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2022/10/18 3:41 p.m. | 42 views

Security Bulletin: IBM Operations Analytics Predictive Insights impacted by Apache Log4j vulnerabilities (CVE-2022-23302)

Summary IBM Operations Analytics Predictive Insights is affected by the Apache Log4j vulnerability in the JMSSink in all versions of Log4j 1. x allowing deserialization of untrusted data when the malicious attacker has write access to the Log4j configuration or if the configuration references an...

CVSS 8.8 | AI score 9.2 | EPSS 0.61785
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2022/10/12 8:38 a.m. | 12 views

Security Bulletin: IBM Operations Analytics Predictive Insights impacted by Apache Log4j vulnerabilities (CVE-2021-4104)

Summary IBM Operations Analytics Predictive Insights is affected by the Apache Log4j vulnerability in the JMSAppender in Log4j 1.2 allowing deserialization of untrusted data when the attacker has write access to the Log4j configuration. Vulnerability Details CVEID:CVE-2021-4104 DESCRIPTION: Apach...

CVSS 7.5 | AI score 8.6 | EPSS 0.81147
Exploits: 9 | Affected Software: 1

IBM Security Bulletins
added 2022/10/12 8:35 a.m. | 26 views

Security Bulletin: IBM Operations Analytics Predictive Insights impacted by Apache Log4j vulnerabilities (CVE-2021-44832)

Summary IBM Operations Analytics Predictive Insights is affected by the Apache Log4j vulnerability in the Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 allowing a remote code execution RCE attack when a configuration uses a JDBC Appender with a...

CVSS 6.6 | AI score 7.4 | EPSS 0.98078
Exploits: 9 | Affected Software: 1

IBM Security Bulletins
added 2022/09/19 6:36 a.m. | 66 views

Security Bulletin: Multiple vulnerabilities in log4j-1.2.16.jar used by IBM Operations Analytics - Log Analysis

Summary The following security issues have been identified in the log4j-1.2.16.jar included as part of the IBM Operations Analytics - Log Analysis product. Vulnerability Details CVEID:CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system,...

CVSS 9.8 | AI score 9.1 | EPSS 0.81147
Exploits: 13 | Affected Software: 1

IBM Security Bulletins
added 2022/09/13 1:55 p.m. | 33 views

Security Bulletin: Identity Spoofing vulnerability in IBM WebSphere Application Server Liberty affects IBM Operations Analytics - Log Analysis (CVE-2022-22476)

Summary IBM WebSphere Application Server Liberty is vulnerable to identity spoofing with the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0 or appSecurity-4.0 feature enabled. This has been addressed. Vulnerability Details CVEID:CVE-2022-22476 DESCRIPTION: IBM WebSphere Application Server...

AI score 6.6 | EPSS 0.00642
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2022/08/31 4:51 p.m. | 39 views

Security Bulletin: IBM Operations Analytics Predictive Insights is vulnerable to remote code execution due to Dojo (CVE-2021-23450)

Summary IBM Websphere Application Server WAS is shipped as a component of IBM Operations Analytics Predictive Insights. There is a vulnerability in the Dojo library used by IBM WebSphere Application Server traditional in the Admin Console and used by the IBM WebSphere Application Server Liberty...

CVSS 9.8 | AI score 9.1 | EPSS 0.30367
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2022/06/03 9:36 a.m. | 24 views

Security Bulletin: IBM Operations Analytics Predictive Insights is vulnerable to remote code execution (CVE-2021-23450)

Summary IBM Websphere Application Server WAS is shipped as a component of IBM Operations Analytics Predictive Insights. Information about WAS Information disclosure vulnerability CVE-2021-23450 which allows a remote user to execute arbitrary code in the browser. This has been addressed and...

CVSS 9.8 | AI score 3.6 | EPSS 0.30367
Exploits: 1 | Affected Software: 2