Security Bulletin: IBM Operations Analytics Predictive Insights is vulnerable due to WebSphere Application Server Information Disclosure vulnerability (CVE-2021-29842)

Summary Websphere Application Server WAS is shipped as a component of IBM Operations Analytics Predictive Insights. Information about WAS Information disclosure vulnerability CVE-2021-29842 which allows a remote user to enumerate usernames due to a difference of responses from valid and invalid...

Security Bulletin: Multiple vulnerabilities in IBM DB2 affect IBM Operations Analytics Predictive Insights

Summary There are multiple vulnerabilities in IBM® DB2 used by IBM Operations Analytics Predictive Insights 1.3.6 and earlier. IBM Operations Analytics Predictive Insights has addressed the applicable CVEs CVE-2021-39002, CVE-2021-20373, CVE-2021-38931, CVE-2021-38926, CVE-2021-29678 Vulnerabilit...

Security Bulletin: IBM Operations Analytics Predictive Insights is vulnerable to multiple vulnerabilities due to the use of IBM SDK, Java Technology Edition.

Summary IBM SDK, Java Technology Edition Quarterly CPU includes all applicable Java SE CVEs published by Oracle as part of their Quarterly CPU. This IBM SDK, Java Technology EditionQuarterly Update also covers one additional OpenJ9 CVE: CVE-2021-41035. The relevant CVEs CVE-2021-35560,...

Security Bulletin: Log4j remote code execution vulnerability in Apache Solr and Logstash shipped with IBM Operations Analytics - Log Analysis (CVE-2021-44228)

Summary IBM Operations Analytics - Log Analysis is bundled with Apache-Solr and Logstash Third-party components which are affected by the "CVE-2021-44228" security vulnerability. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitra...

Security Bulletin: IBM Operations Analytics Predictive Insights is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

Summary Apache Log4j CVE-2021-45105, CVE-2021-45046 is used by IBM Operations Analytics Predictive Insights as part of its UI and REST Mediation components . The fix includes Apache log4j 2.17. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of...

Security Bulletin: A vulnerability in Apache log4j (CVE-2021-45105) affects IBM Operations Analytics Predictive Insights

Summary There is a vulnerability in the Apache Log4j open source library used by IBM Operations Analytics Predictive Insights. Apache Log4j versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups which allows a Denial...

Security Bulletin: Security vulnerabilities in the Apache log4j library ( CVE-2021-45105 and CVE-2021-44832 ) have been identified in IBM WebSphere Application Server shipped with IBM Operations Analytics Predictive Insights

Summary Websphere Application Server WAS is shipped as a component of IBM Operations Analytics Predictive Insights. The WebSphere Application Server is vulnerable to a remote code execution RCE attack CVE-2021-44832 where an attacker with permission to modify the logging configuration file can...

Security Bulletin: IBM Operations Analytics Predictive Insights impacted by Apache Log4j vulnerabilities (CVE-2021-4104, CVE-2021-45046)

Summary IBM Operations Analytics Predictive Insights is affected by the Apache Log4j vulnerability through the WebSphere Application Server WAS component. There is a separate security bulletin linked below that describes vulnerabilities CVE-2021-4104, CVE-2021-45046 in the Apache Log4j library as...

Security Bulletin: A vulnerability in Apache log4j affects IBM Operations Analytics Predictive Insights (CVE-2021-44228)

Summary There is a vulnerability in the Apache Log4j open source library used by IBM Operations Analytics Predictive Insights. This affects the IBM Operations Analytics Predictive Insights Analytics, UI and REST Mediation components. This vulnerability has been addressed. Vulnerability Details...

Security Bulletin: A vulnerability in Apache log4j affects IBM Operations Analytics Predictive Insights (CVE-2021-45046)

Summary There is a vulnerability in the Apache Log4j open source library used by IBM Operations Analytics Predictive Insights. This affects the IBM Operations Analytics Predictive Insights Analytics, UI and REST Mediation components. This vulnerability has been addressed. Vulnerability Details...

Security Bulletin: Security vulnerabilities ( CVE-2021-36090, CVE-2021-35517 ) in Apache Commons Compress affect WebSphere Application Server Liberty Profile, shipped with IBM Operations Analytics Predictive Insights

Summary Websphere Application Server WAS Liberty Profile is shipped as a component of IBM Operations Analytics Predictive Insights. Information about Apache Commons Compress library vulnerabilities CVE-2021-36090, CVE-2021-35517 to a denial of service, caused by an out of memory error affect WAS...

Security Bulletin: A security vulnerability ( CVE-2021-29736 ) has been identified in IBM WebSphere Application Server shipped with IBM Operations Analytics Predictive Insights

Summary Websphere Application Server WAS is shipped as a component of IBM Operations Analytics Predictive Insights. Information about WebSphere Application Server vulnerability to remote users Privilege Escalation CVE-2021-29736 has been published in a security bulletin Vulnerability Details Refe...

Security Bulletin: Vulnerability in MetadataExtractor used by Apache Solr affect IBM Operations Analytics - Log Analysis Analysis (CVE-2019-14262)

Summary The vulnerability in MetadataExtractor 2.1.0 allows stack consumption. This has been addressed. Vulnerability Details CVEID: CVE-2019-14262 DESCRIPTION: MetadataExtractor is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. By persuading a victim to open a...

Security Bulletin: A security vulnerability ( CVE-2021-29754 ) has been identified in IBM WebSphere Application Server shipped with IBM Operations Analytics Predictive Insights

Summary Websphere Application Server WAS is shipped as a component of IBM Operations Analytics Predictive Insights. Information about WebSphere Application Server vulnerability to a Privilege Escalation CVE-2021-29754 has been published in a security bulletin Vulnerability Details Refer to the...

Security Bulletin: Multiple security vulnerabilities ( CVE-2012-6153, CVE-2014-3577, CVE-2011-1498, CVE-2015-5262 ) has been identified in IBM WebSphere Application Server shipped with IBM Operations Analytics Predictive Insights

Summary Websphere Application Server WAS is shipped as a component of IBM Operations Analytics Predictive Insights. Information about WebSphere Application Server vulnerabilities CVE-2012-6153, CVE-2014-3577, CVE-2011-1498, CVE-2015-5262 in the Apache Commons and Apache HttpComponents jars have...

Security Bulletin: Potential vulnerability (SSRF) in Apache Solr affect IBM Operations Analytics - Log Analysis (CVE-2017-3164)

Summary Server Side Request Forgery vulnerability in Apache Solr could allow attacker with access to make Solr perform a HTTP to any reachable URL. Vulnerability Details CVEID: CVE-2017-3164 DESCRIPTION: Apache Solr is vulnerable to server-side request forgery, caused by not having corresponding...

Security Bulletin: A security vulnerability ( CVE-2020-5258 ) has been identified in IBM WebSphere Application Server shipped with IBM Operations Analytics Predictive Insights

Summary Websphere Application Server WAS is shipped as a component of IBM Operations Analytics Predictive Insights. Information about WebSphere Application Server vulnerability CVE-2020-5258 related to the used Dojo library has been published in a security bulletin. Vulnerability Details Refer to...

Security Bulletin: A security vulnerability ( CVE-2021-20480 ) has been identified in IBM WebSphere Application Server shipped with IBM Operations Analytics Predictive Insights

Summary Websphere Application Server WAS is shipped as a component of IBM Operations Analytics Predictive Insights. Information about WebSphere Application Server vulnerability CVE-2021-20480 to a Server-side Request Forgery has been published in a security bulletin Vulnerability Details Refer to...

Security Bulletin: Vulnerability deferred from Oracle Oct 2020 CPU for Java 8 (CVE-2020-14781 ) may affect IBM® SDK, Java™ Technology Edition and IBM Operations Analytics Predictive Insights

Summary Vulnerability related to in IBM® SDK, Java™ Technology Edition may affect IBM Operations Analytics Predictive Insights 1.3.6 and earlier. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Vulnerability...

Security Bulletin: A security vulnerability ( CVE-2021-20354 ) has been identified in IBM WebSphere Application Server shipped with IBM Operations Analytics Predictive Insights

Summary Websphere Application Server WAS is shipped as a component of IBM Operations Analytics Predictive Insights. Information about WebSphere Application Server vulnerability CVE-2021-20354 to a directory traversal vulnerability has been published in a security bulletin. Vulnerability Details...