Security Bulletin: Multiple Vulnerabilities in IBM Operations Analytics Predictive Insights.

Summary Multiple vulnerabilities were addressed in IBM Operations Analytics Predictive Insights 1.3.6 iFix 8 Vulnerability Details CVEID:CVE-2022-46337 DESCRIPTION: Apache Derby could allow a remote attacker to bypass security restrictions, caused by a LDAP injection vulnerability in authenticato...

Security Bulletin: A security vulnerability has been identified in Apache Solr shipped with IBM Operations Analytics - Log Analysis (CVE-2023-36478)

Summary There is a potential denial of service in Eclipse Jetty that is used by Apache Solr shipped with IBM Operations Analytics - Log Analysis. Vulnerability Details CVEID:CVE-2023-36478 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow and buffer...

Security Bulletin: A Bouncy Castle vulnerability has been identified in Apache Solr and Logstash shipped with IBM Operations Analytics - Log Analysis (CVE-2023-33201)

Summary There is a potential injection vulnerability in Bouncy Castle that is used by Apache Solr and Logstash. This has been addressed Vulnerability Details CVEID:CVE-2023-33201 DESCRIPTION: The Bouncy Castle Crypto Package For Java bc-java could allow a remote attacker to obtain sensitive...

Security Bulletin: Multiple vulnerabilities affect Apache Solr, Apache Zookeeper and Logstash shipped with IBM Operations Analytics - Log Analysis

Summary The following security issues have been identified in Netty component included as part of Apache Solr, Apache Zookeeper and Logstash product Vulnerability Details CVEID:CVE-2023-34462 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw with allocating up to 16MB of...

Security Bulletin: Log Analysis is susceptible to a vulnerability in Apache Solr

Summary There is jose4j vulnerability in Apache Solr. This has been addressed Vulnerability Details IBM X-Force ID: 254437 DESCRIPTION: Jose4J could allow a remote attacker to obtain sensitive information, caused by a chosen ciphertext attack in RSA15. By using cryptographic attack techniques, an...

Security Bulletin: Potential Vulnerability in Apache Solr affects IBM Operations Analytics - Log Analysis

Summary There is a potential XXE vulnerability in Apache Solr. This has been addressed. Vulnerability Details IBM X-Force ID: 261776 DESCRIPTION: Eclipse Jetty is vulnerable to server-side request forgery, caused by improper handling of XML external entity XXE declarations by the XmlParser. By...

Security Bulletin: Potential vulnerability in Eclipse Jetty used by Apache Solr affects IBM Operations Analytics - Log Analysis (CVE-2023-36479)

Summary Eclipse Jetty in Apache Solr could provide weaker than expected security. This has been addressed. Vulnerability Details CVEID:CVE-2023-36479 DESCRIPTION: Eclipse Jetty could provide weaker than expected security, caused by an errant command quoting flaw in the...

Security Bulletin: Vulnerability in Apache Solr, Apache Zookeeper and Logstash affect IBM Operations Analytics - Log Analysis (CVE-2023-34462)

Summary There is Netty vulnerability in Apache Solr, Apache Zookeeper and Logstash that effect IBM Operations Analytics - Log Analysis. These have been addressed Vulnerability Details CVEID:CVE-2023-34462 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw with allocating up...

Security Bulletin: Eclipse Jetty vulnerability in Apache Solr and Apache ZooKeeper bundled with IBM Operations Analytics - Log Analysis (CVE-2023-26049)

Summary Information disclosure vulnerability in Eclipse Jetty that is used by Apache Solr and Apache ZooKeeper. Log Analysis has addressed the vulnerability Vulnerability Details CVEID:CVE-2023-26049 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive...

Security Bulletin: A vulnerability has been identified in Apache Solr and Apache Zookeeper shipped with IBM Operations Analytics - Log Analysis (CVE-2023-26048)

Summary There is a potential vulnerability in Eclipse Jetty that is used by Apache Solr and Apache ZooKeeper. This has been addressed Vulnerability Details CVEID:CVE-2023-26048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the...

Security Bulletin: Vulnerability in Apache Solr affects IBM Operations Analytics - Log Analysis (CVE-2023-40167)

Summary There is a potential HTTP request smuggling vulnerability in Apache Solr. This has been addressed. Vulnerability Details CVEID:CVE-2023-40167 DESCRIPTION: Jetty is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP/1 request header. By sending a specially crafted...

Security Bulletin: Google Guava vulnerability in Apache Solr and Logstash bundled with IBM Operations Analytics - Log Analysis (CVE-2023-2976)

Summary There is an information disclosure vulnerability in Google Guava that is used by Apache Solr and Logstash. This has been addressed Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a fl...

Security Bulletin: Vulnerability in Apache Solr affect IBM Operations Analytics - Log Analysis (CVE-2023-50290)

Summary Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr Vulnerability Details CVEID:CVE-2023-50290 DESCRIPTION: Apache Solr could allow a remote authenticated attacker to obtain sensitive information, caused by improper authorization validation. By sending ...

Security Bulletin: There are multiple vulnerabilities in IBM Db2 bundled with IBM Operations Analytics Predictive Insights

Summary IBM Operations Analytics Predictive Insights is vulnerable to denial of service, remote code execution, information disclosures and other vulnerabilities due to bundled product IBM ® Db2. This bulletin identifies the steps to address the vulnerabilities. Vulnerability Details Refer to the...

Security Bulletin: A vulnerability in Apache ActiveMQ affects IBM Operations Analytics Predictive Insights

Summary IBM Operations Analytics Predictive Insights uses Apache ActiveMQ software, as a core module in processing analytics data. The vulnerability CVE-2023-46604 found in Apache ActiveMQ could be exploited to download and infect Linux systems with the Kinsing malware. This bulletin identifies t...

Security Bulletin: Vulnerability in IBM® SDK, Java™ Technology Edition may affect IBM Operations Analytics Predictive Insights

Summary IBM Operations Analytics Predictive Insights uses BM® SDK, Java™ Technology Edition, and vulnerability CVE-2022-40609 may expose Java process to a variety of malicious attacks Vulnerability Details CVEID:CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 cou...

Security Bulletin: Multiple vulnerabilities in IBM DB2 affect IBM Operations Analytics Predictive Insights

Summary There are multiple vulnerabilities in IBM® DB2 used by IBM Operations Analytics Predictive Insights 1.3.6 and earlier. IBM Operations Analytics Predictive Insights has addressed the applicable CVEs CVE-2023-30447, CVE-2023-30446, CVE-2023-30443, CVE-2023-30448, CVE-2023-30445,...

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server which is a component of IBM Operations Analytics Predictive Insights

Summary Websphere Application Server WAS is a component of IBM Operations Analytics Predictive Insights. Multiple vulnerabilities in Websphere Application Server WAS 8.5 and 9.0 affect IBM Operations Analytics Predictive Insights 1.3.6 or earlier. Information about the following relevant...

Security Bulletin: Vulnerability in Google gson 2.2.4 libraries (CVE-2022-25647) affects IBM Operations Analytics Predictive Insights

Summary IBM Operations Analytics Predictive Insights uses Google gson libraries for serialization/deserialization of objects in REST mediation service. A security vulnerability in versions prior to gson 2.8.9. could be exploited to compromise Operations Analytics Predictive Insights services...

Security Bulletin: Denial of Service Vulnerability in Apache Solr used by IBM Operations Analytics - Log Analysis

Summary There is a potential denial of service in Apache Solr that is used by IBM Operations Analytics - Log Analysis Vulnerability Details IBM X-Force ID: 216835 DESCRIPTION: Apache Lucene is vulnerable to a denial of service. By sending a specific regular expression query, a remote attacker cou...