IBMBAC4DFDFF8D895543CC0563D7048EA7F715853EB0EE20D735D835FE3602917BFSecurity Bulletin: IBM QRadar Incident Forensics is vulnerable to a publicly disclosed vulnerability in Apache Tika (CVE-2018-17197)
EPSS
Percentile
84.8%
Summary
Open source Apache Tika as used in IBM QRadar Incident Forensics is vulnerable to denial of service.
Vulnerability Details
CVEID: CVE-2018-17197
**Description:**Apache Tika is vulnerable to a denial of service, caused by an error in the SQLite3Parser. By using a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
**CVSS Base Score:**5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/154701> for the current score
**CVSS Environmental Score:***Undefined
**CVSS Vector:**CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products and Versions
ยท IBM QRadar 7.3 to 7.3.2 Patch 1
ยท IBM QRadar 7.2 to 7.2.8 Patch 15
Remediation/Fixes
IBM QRadar/QRM/QVM/QRIF/QNI 7.3.2 Patch 2
IBM QRadar/QRM/QVM/QRIF/QNI 7.2.8 Patch 16
Workarounds and Mitigations
None
Related
EPSS
Percentile
84.8%