Security Bulletin: Vulnerabilities in Apache Solr (lucene) affect IBM Operations Analytics - Log Analysis (CVE-2025-24814, CVE-2024-52012)

Summary There are vulnerabilities in privilege escalation and arbitrary filepath write-access that affect Apache Solr used by IBM Operations Analytics - Log Analysis. Vulnerability Details CVEID:CVE-2025-24814 DESCRIPTION: Core creation allows users to replace "trusted" configset files with...

Security Bulletin: Multiple vulnerabilities in Apache Solr (lucene) affects IBM Operations Analytics - Log Analysis (CVE-2023-50386, CVE-2023-50298, CVE-2023-50292, CVE-2023-50291)

Summary There are vulnerabilities in backup/restore APIs, Solr streaming expressions, and Apache Solr schema designer that affect Apache Solr used by IBM Operations Analytics - Log Analysis. Vulnerability Details CVEID:CVE-2023-50386 DESCRIPTION: Improper Control of Dynamically-Managed Code...

Security Bulletin: WebSphere Application Server Liberty shipped with IBM Operations Analytics - Log Analysis is vulnerable to information disclosure (CVE-2023-50314)

Summary IBM WebSphere Application Server Liberty is vulnerable to information disclosure. Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks. An...

Security Bulletin: IBM Operations Analytics - Log Analysis is vulnerable to an XML External Entity Injection (XXE) vulnerability

Summary There is a potential XML External Entity Injection XXE vulnerability with reload4j library that is used in IBM Operations Analytics - Log Analysis. This has been addressed. Vulnerability Details IBM X-Force ID: 294027 DESCRIPTION: QOS.CH reload4j allow a remote attacker to obtain sensitiv...

Security Bulletin: Potential Directory Traversal Vulnerability in Apache Ant shipped with IBM Operations Analytics - Log Analysis (CVE-2022-48285)

Summary There is a potential directory traversal vulnerability via a crafted zip in Apache Ant Vulnerability Details CVEID:CVE-2022-48285 DESCRIPTION: JSZip could allow a remote attacker to traverse directories on the system, caused by the failure to sanitize filenames when files are loaded with...

Security Bulletin: Potential Vulnerability in Apache Solr and Apache Zookeeper shipped with IBM Operations Analytics - Log Analysis (CVE-2022-24823)

Summary There is a potential Netty vulnerability in Apache Solr and Apache Zookeeper shipped with IBM Operations Analytics - Log Analysis. This has been fixed Vulnerability Details CVEID:CVE-2022-24823 DESCRIPTION: Netty could allow a local authenticated attacker to obtain sensitive information,...

Security Bulletin: Potential denial of service vulnerability in Apache Solr affect IBM Operations Analytics - Log Analysis (CVE-2021-33813)

Summary An XXE issue allows attacker to cause denial of service in Apache Solr. Vulnerability Details CVEID:CVE-2021-33813 DESCRIPTION: JDOM is vulnerable to a denial of service, caused by an XXE issue in SAXBuilder. By sending a specially-crafted HTTP request, a remote attacker could exploit thi...

Security Bulletin: Vulnerability in Apache Solr affect IBM Operations Analytics - Log Analysis (CVE-2018-18928)

Summary Apache Solr is vulnerable to integer overflow. This has been addressed. Vulnerability Details CVEID:CVE-2018-18928 DESCRIPTION: International Components for Unicode ICU is vulnerable to a denial of service, caused by an integer overflow in the...

Security Bulletin: Vulnerabilities in Logstash affect IBM Operations Analytics - Log Analysis (CVE-2022-29181, CVE-2022-23476)

Summary There are multple nokogiri vulnerabilities in Logstash that effect IBM Operations Analytics - Log Analysis. These have been addressed. Vulnerability Details CVEID:CVE-2022-29181 DESCRIPTION: Nokogiri is vulnerable to a denial of service, caused by improper handling of unexpected data type...

Security Bulletin: Vulnerabilities in Apache Ant affect IBM Operations Analytics - Log Analysis (CVE-2020-11023, CVE-2020-23064, CVE-2020-11022)

Summary There are multple cross site scripting vulnerabilities in Apache Ant that effect IBM Operations Analytics - Log Analysis. These have been addressed. Vulnerability Details CVEID:CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of...

Security Bulletin: Multiple vulnerabilities in Netty affect Apache Solr, Apache Zookeeper and Logstash shipped with IBM Operations Analytics - Log Analysis

Summary There are vulnerabilities in various versions of Netty that affect Apache Solr, Apache Zookeeper and Logstash. The vulnerabilities are in Vulnerability Details section Vulnerability Details CVEID:CVE-2019-20444 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw i...

Security Bulletin: Netty vulnerability in Apache Solr affect IBM Operations Analytics - Log Analysis

Summary There is a potential validation vulnerability in Netty that is used by Apache Solr. This has been addressed Vulnerability Details IBM X-Force ID: 221368 DESCRIPTION: Netty is vulnerable to a man-in-the-middle attack, caused by improper hostname verification. An attacker could exploit this...

Security Bulletin: Multiple vulnerabilities affect Apache Solr shipped with IBM Operations Analytics - Log Analysis (CVE-2024-22201, CVE-2023-51775)

Summary Apache Solr is used by IBM Operations Analytics - Log Analysis as Indexing Engine server is vulnerable to denial of service. Vulnerability Details CVEID:CVE-2024-22201 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a flaw when an HTTP/2 connection gets TCP...

Security Bulletin: Apache Commons Configuration vulnerability has been identified in Apache Solr shipped with IBM Operations Analytics - Log Analysis (CVE-2024-29131,CVE-2024-29133)

Summary There is a potential out-of-bounds write vulnerability in Apache Commons Configuration that is used by Apache Solr in IBM Operations Analytics - Log Analysis Vulnerability Details CVEID:CVE-2024-29131 DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute...

Security Bulletin: ThreeTen Backport vulnerability has been identified in Apache Solr shipped with IBM Operations Analytics - Log Analysis (CVE-2024-23081,CVE-2024-23082)

Summary There is a potential denial of service vulnerability in ThreeTen Backport that is used by Apache Solr in IBM Operations Analytics - Log Analysis Vulnerability Details CVEID:CVE-2024-23082 DESCRIPTION: ThreeTen Backport is vulnerable to a denial of service, caused by an integer overflow in...

Security Bulletin: Apache James and Bouncy Castle vulnerabilities in Apache Solr and Logstash shipped with IBM Operations Analytics - Log Analysis (CVE-2023-33202,CVE-2024-21742,CVE-2024-29857,CVE-2024-30172,CVE-2024-34447)

Summary There are potential denial of service and bypass security restrictions vulnerabilities in Apache James Mime4J and Bouncy Castle Crypto Package, which are used by Apache Solr and Logstash in IBM Operations Analytics - Log Analysis Vulnerability Details CVEID:CVE-2024-34447 DESCRIPTION: The...

Security Bulletin: Multiple vulnerabilities in WebSphere Application Server Liberty affect IBM Operations Analytics - Log Analysis (CVE-2024-25026, CVE-2024-22329)

Summary IBM WebSphere Application Server Liberty is vulnerable to denial of service and server-side request forgery. Vulnerability Details CVEID:CVE-2024-25026 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are...

Security Bulletin: Vulnerability in WebSphere Application Server Liberty affect IBM Operations Analytics - Log Analysis (CVE-2023-50312)

Summary WebSphere Application Server Liberty used by IBM Operations Analytics - Log Analysis is vulnerable to weak security. Vulnerability Details CVEID:CVE-2023-50312 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for...

Security Bulletin: A vulnerability in WebSphere Application Server Liberty affect IBM Operations Analytics - Log Analysis (CVE-2024-22354)

Summary IBM WebSphere Application Server Liberty is vulnerable to an XML External Entity XXE injection vulnerability. Vulnerability Details CVEID:CVE-2024-22354 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are...

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Operations Analytics Predictive Insights

Summary Websphere Application Server WAS is shipped as a component of IBM Operations Analytics Predictive Insights. Information about security vulnerabilities affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...