There is a potential denial of service vulnerability in ThreeTen Backport that is used by Apache Solr in IBM Operations Analytics - Log Analysis
CVEID: CVE-2024-23082
**DESCRIPTION:** ThreeTen Backport is vulnerable to a denial of service, caused by an integer overflow in the org.threeten.bp.format.DateTimeFormatter::parse(CharSequence, ParsePosition) component. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/287387 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-23081
**DESCRIPTION:** ThreeTen Backport is vulnerable to a denial of service, caused by a NullPointerException flaw in the org.threeten.bp.LocalDate::compareTo(ChronoLocalDate) component. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/287386 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
Log Analysis | 1.3.7.2 |
Principal Product and Version(s) | Fix details |
---|---|
IBM Operations Analytics - Log Analysis version 1.3.7.2 | Install Log Analysis 1.3.8 or upgrade to a later fix pack |

You can download the release from Passport Advantage. Part number:

M0GJREN IBM Operations Analytics Log Analysis v1.3.8 Linux 64 bit

M0GJSEN IBM Operations Analytics Log Analysis v1.3.8 zLinux 64 bit

M0GJTEN IBM Operations Analytics Log Analysis v1.3.8 Power8 ppc64le

None
CPE | Name | Operator | Version |
---|---|---|---|
ibm smartcloud analytics | eq | 1.3.7.2 |