Security Bulletin: IBM Operations Analytics - Log Analysis is affected by potential data integrity and denial of service due to Apache POI

Summary Apache POI in Apache Solr is used by IBM Operations Analytics - Log Analysis as part of extracting text and metadata from document files. CVE‑2022‑26336, CVE‑2025‑31672 Vulnerability Details CVEID:CVE-2025-31672 DESCRIPTION: Improper Input Validation vulnerability in Apache POI. The issue...

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by insufficiently privileged clients to execute snapshot and restore commands due to Apache Zookeeper

Summary Apache Zookeeper in Apache Solr is used by IBM Operations Analytics - Log Analysis as part of the coordination and configuration management backbone for SolrCloud. CVE-2025-58457. Vulnerability Details CVEID:CVE-2025-58457 DESCRIPTION: Improper permission check in ZooKeeper AdminServer le...

Security Bulletin: Due to use of Apache Commons Lang, IBM Operations Analytics - Log Analysis is affected by Uncontrolled Recursion Vulnerability

Summary Apache Commons Lang in Apache Solr is used by IBM Operations Analytics - Log Analysis as part of the core utility such as string manipulation, object utilities, and class utilities. CVE-2025-48924. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerabilit...

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by Weak Password Policy and Inadequate Account Lockout Mechanism

Summary IBM Operations Analytics – Log Analysis is affected by weaknesses in its Backend Authentication and Session Management module—used as part of its login mechanism—which exposes the product to improper authentication risks, including weak password policy enforcement and insufficient account...

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by cross-site scripting due to WebSphere Application Server Liberty

Summary WebSphere Application Server Liberty is used by IBM Operations Analytics - Log Analysis as part of managing the lifecycle of Java servlets and client. CVE-2025-12635. Vulnerability Details CVEID:CVE-2025-12635 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere...

EUVD-2024-55398

IBM Operations Analytics – Log Analysis versions 1.3.5.0 through 1.3.8.3 and IBM SmartCloud Analytics – Log Analysis are vulnerable to a cross-site request forgery CSRF vulnerability that could allow an attacker to trick a trusted user into performing unauthorized actions...

CVE-2024-40685

IBM Operations Analytics – Log Analysis versions 1.3.5.0 through 1.3.8.3 and IBM SmartCloud Analytics – Log Analysis are vulnerable to a cross-site request forgery CSRF vulnerability that could allow an attacker to trick a trusted user into performing unauthorized actions...

CVE-2024-40685

CVE-2024-40685 affects IBM Operations Analytics – Log Analysis and IBM SmartCloud Analytics – Log Analysis. Connected sources confirm a CSRF vulnerability that could allow an attacker to trick a trusted user into performing unauthorized actions. Affected versions include IBM Operations Analytics ...

CVE-2024-40685 IBM Operations Analytics - Log Analysis is affected by CSRF Token Replay Attack

IBM Operations Analytics – Log Analysis versions 1.3.5.0 through 1.3.8.3 and IBM SmartCloud Analytics – Log Analysis are vulnerable to a cross-site request forgery CSRF vulnerability that could allow an attacker to trick a trusted user into performing unauthorized actions...

CVE-2024-40685

IBM Operations Analytics – Log Analysis versions 1.3.5.0 through 1.3.8.3 and IBM SmartCloud Analytics – Log Analysis are vulnerable to a cross-site request forgery CSRF vulnerability that could allow an attacker to trick a trusted user into performing unauthorized actions...

CVE-2024-40685 IBM Operations Analytics - Log Analysis is affected by CSRF Token Replay Attack

IBM Operations Analytics – Log Analysis versions 1.3.5.0 through 1.3.8.3 and IBM SmartCloud Analytics – Log Analysis are vulnerable to a cross-site request forgery CSRF vulnerability that could allow an attacker to trick a trusted user into performing unauthorized actions...

IBM Operations Analytics - Log Analysis 跨站请求伪造漏洞

IBM Operations Analytics – Log Analysis is a log analysis software developed by IBM. Versions 1.3.5.0 to 1.3.8.3 of IBM Operations Analytics – Log Analysis contain a cross-site request forgeing vulnerability. This vulnerability is due to a susceptibility to cross-site request forgery attacks, whi...

PT-2026-5866

Name of the Vulnerable Software and Affected Versions IBM Operations Analytics – Log Analysis versions 1.3.5.0 through 1.3.8.3 IBM SmartCloud Analytics – Log Analysis versions 1.3.5.0 through 1.3.8.3 Description The software is susceptible to a cross-site request forgery CSRF condition. Successfu...

Security Bulletin: Due to use of Apache Commons Text, IBM Operations Analytics - Log Analysis is affected by Remote Code Execution Attacks

Summary Apache Commons Text in Apache Solr is used by IBM Operations Analytics - Log Analysis as part of the string manipulation and interpolation. CVE-2025-46295. Vulnerability Details CVEID:CVE-2025-46295 DESCRIPTION: Apache Commons Text versions prior to 1.10.0 included interpolation features...

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by Denial-of-Service (DoS) due to use of jose4j library

Summary jose.4.j library in Apache Solr is used by IBM Operations Analytics - Log Analysis as part of the secure token-based authentication and encryption mechanisms. CVE-2024-29371. Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j before 0.9.5, an attacker can cause a...

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by CSRF Token Replay Attack

Summary IBM Operations Analytics – Log Analysis uses CSRF tokens to prevent unauthorised actions from being performed by an attacker on behalf of an authenticated user. CVE-2024-40685. Vulnerability Details CVEID:CVE-2024-40685 DESCRIPTION: IBM SmartCloud Analytics - Log Analysis is vulnerable to...

Security Bulletin: Due to use of servlet feature in IBM WebSphere Application Server Liberty, IBM Operations Analytics - Log Analysis is affected by a security bypass vulnerability

Summary servlet feature in IBM WebSphere Application Server Liberty is used by IBM Operations Analytics - Log Analysis as part of HTTP Servlets support. CVE-2024-56339. Vulnerability Details CVEID:CVE-2024-56339 DESCRIPTION: IBM WebSphere Application Server 9.0 and WebSphere Application Server...

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by incorrect validation of integrity check due to OpenSSH

Summary OpenSSH is used by IBM Operations Analytics - Log Analysis as part of implementations of SSH servers and clients. CVE-2023-48795. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other...

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by SMTP injection due to Jakarta Mail in IBM WebSphere Application Server Liberty

Summary Jakarta Mail in IBM WebSphere Application Server Liberty is used by IBM Operations Analytics - Log Analysis as part of sending and receiving emails. CVE-2025-7962. Vulnerability Details CVEID:CVE-2025-7962 DESCRIPTION: In Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by...

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by incorrect authorisation and XML external entity (XXE) vulnerabilities due to Apache Solr.

Summary Apache Solr is used by IBM Operations Analytics - Log Analysis as part of managing Solr collection and arbitary local file. CVE-2018-11802, CVE-2018-1308. Vulnerability Details CVEID:CVE-2018-11802 DESCRIPTION: In Apache Solr, the cluster can be partitioned into multiple collections and...