Apache Cassandra is used by IBM Operations Analytics Predictive Insights. IBM Operations Analytics Predictive Insights has addressed the applicable CVE.
Note that the usage of Apache Cassandra within IBM Operations Analytics Predictive Insights is limited to the REST Mediation utility. If you do not use that utility then you are not affected by this bulletin.
CVEID: CVE-2018-8016 Description: Apache Cassandra could allow a remote attacker to execute arbitrary code on the system, caused by the binding of an unauthenticated JMX/RMI interface to all network interfaces. An attacker could exploit this vulnerability using an RMI request to execute arbitrary code on the system with the privileges of the victim.
CVSS Base Score: 7.3
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/145402> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
IBM Operations Analytics Predictive Insights v1.3.6
Product | VRMF | APAR | Remediation / First Fix |
---|---|---|---|
IBM Operations Analytics Predictive Insights | 1.3.6.1 | see readme | RHEL 7: https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Operations%20Analytics&product=ibm/Tivoli/IBM+SmartCloud+Analytics±+Predictive+Insights&release=All&platform=All&function=fixId&fixids=1.3.6-TIV-PredictiveInsights-el7-x86_64-InterimFix001 |
The readme in the downloaded artifact includes instructions about how to update the Cassandra version.
None