Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM4D1F2AB4280D1E27F492393EDA89C0118872E3786543BFFDC996493376996CF7
HistoryApr 19, 2021 - 7:54 a.m.

Security Bulletin: Vulnerability in Apache Hadoop affect Apache Solr shipped with IBM Operations Analytics - Log Analysis (CVE-2018-11768)

2021-04-1907:54:50
www.ibm.com
9
apache hadoop
apache solr
ibm operations analytics
log analysis
cve-2018-11768
buffer errors vulnerability
upgrade
remote attackers
user/group information

EPSS

0.007

Percentile

80.0%

JSON

Summary

There is a potential Buffer Errors vulnerability in Apache Hadoop (hadoop-hdfs) that affects Apache Solr

Vulnerability Details

CVEID:CVE-2018-11768
**DESCRIPTION:**Apache Hadoop is vulnerable to a denial of service, caused by a mismatch in the size of the fields used to store user/group information between memory and disk representation. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the user/group information to be corrupted across storing in fsimage and reading back from fsimage.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168305 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
Log Analysis 1.3.1
Log Analysis 1.3.2

Log Analysis| 1.3.3

Log Analysis| 1.3.4

Log Analysis| 1.3.5

Log Analysis| 1.3.6

Remediation/Fixes

Principal Product and Version(s) : Fix details
IBM Operations Analytics - Log Analysis version 1.3.x Upgrade to Log Analysis version 1.3.7
Download the 1.3.7-TIV-IOALA-FP here

Workarounds and Mitigations

None

Related

osv 2
symantec 1
redhatcve 1
cve 1
veracode 1
cvelist 1
nvd 1
github 1
prion 1
ibm 4
osv
osv
user/group information can be corrupted across storing in fsimage and reading back from fsimage
2019-11-20 01:38:00
CVE-2018-11768
2019-10-04 14:15:10
symantec
symantec
Apache Hadoop CVE-2018-11768 Memory Corruption Vulnerability
2019-10-04 00:00:00
redhatcve
redhatcve
CVE-2018-11768
2019-10-23 14:20:53
cve
cve
CVE-2018-11768
2019-10-04 14:15:10
veracode
veracode
Denial Of Service (DoS)
2019-10-07 04:27:12
cvelist
cvelist
CVE-2018-11768
2019-10-04 13:56:56
nvd
nvd
CVE-2018-11768
2019-10-04 14:15:10
github
github
user/group information can be corrupted across storing in fsimage and reading back from fsimage
2019-11-20 01:38:00
prion
prion
Design/Logic Flaw
2019-10-04 14:15:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in hadoop-hdfs-2.7.3.jar affect IBM Application Performance Management products
2023-09-07 06:46:15
Security Bulletin: Vulnerability in Apache Hadoop affects watsonx.data
2024-09-05 18:10:03
Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
2021-12-03 18:47:00

EPSS

0.007

Percentile

80.0%

JSON
Related for 4D1F2AB4280D1E27F492393EDA89C0118872E3786543BFFDC996493376996CF7
osv2symantec1redhatcve1cve1veracode1cvelist1nvd1github1prion1ibm4