Open source Apache Tika as used in IBM QRadar Incident Forensics is vulnerable to denial of service.
CVEID: CVE-2018-17197
**Description:**Apache Tika is vulnerable to a denial of service, caused by an error in the SQLite3Parser. By using a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
**CVSS Base Score:**5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/154701> for the current score
**CVSS Environmental Score:***Undefined
**CVSS Vector:**CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
ยท IBM QRadar 7.3 to 7.3.2 Patch 1
ยท IBM QRadar 7.2 to 7.2.8 Patch 15
IBM QRadar/QRM/QVM/QRIF/QNI 7.3.2 Patch 2
IBM QRadar/QRM/QVM/QRIF/QNI 7.2.8 Patch 16
None