7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.002 Low
EPSS
Percentile
58.8%
log4j-1.2.16.jar is vulnerable and it is shipped in Log Analysis. The fix includes Apache Log4j core 2.17.1
CVEID:CVE-2023-26464
**DESCRIPTION:**Apache Log4j is vulnerable to a denial of service, caused by a flaw when using the Chainsaw or SocketAppender components. By sending a specially crafted hashmap or hashtable, a remote attacker could exploit this vulnerability to exhaust available memory in the virtual machine, and results in a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/249785 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
Log Analysis | 1.3.5.3 |
Log Analysis | 1.3.6.x |
Log Analysis | 1.3.7.x |
Version | Fix details |
---|---|
IBM Operations Analytics - Log Analysis version 1.3.5.3, 1.3.6.x, 1.3.7.x |
If current Log Analysis version is older than version 1.3.7.2, upgrade to Log Analysis version 1.3.7 Fix Pack 2 and apply 1.3.x Log4j Interim Fix 1 (Solr) fix. Download 1.3.7-TIV-IOALA-FP2 and 1.3.x-TIV-IOALA-IF1-Log4j-solr
For Log Analysis version 1.3.7.2, apply 1.3.x Log4j Interim Fix 1 (Solr) fix. Download 1.3.x-TIV-IOALA-IF1-Log4j-solr
For user of Logstash, apply 1.3.x Log4j Interim Fix 2 (Logstash) fix. Download 1.3.x-TIV-IOALA-IF2-Log4j-LS
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm smartcloud analytics | eq | 1.3.5 | |
ibm smartcloud analytics | eq | 1.3.6 | |
ibm smartcloud analytics | eq | 1.3.7 |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.002 Low
EPSS
Percentile
58.8%