Lucene search

IBMCC1037BD0D9F0BF18455D3D0CD4FC06D384EB60816EBDE2EEE853DDB99544F8D

HistoryNov 21, 2022 - 11:57 a.m.

Security Bulletin: IBM Operations Analytics - Log Analysis susceptible to vulnerability in Apache Tika (CVE-2022-25169)

2022-11-2111:57:04

www.ibm.com

ibm operations analytics

log analysis

apache tika

denial of service vulnerability

cve-2022-25169

security bulletin

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

20.6%

JSON

Summary

Apache Tika shipped with IBM Operations Analytics - Log Analysis is vulnerable to denial of service,. This has been fixed.

Vulnerability Details

CVEID:CVE-2022-25169
**DESCRIPTION:**Apache Tika is vulnerable to a denial of service, caused by improper input validation in the BPG parser. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/226627 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
Log Analysis	1.3.7.2

Remediation/Fixes

Version	Fix details
IBM Operations Analytics - Log Analysis version 1.3.7.2	Upgrade to Log Analysis version 1.3.7.2 Interim Fix 1. Download the 1.3.7.2-TIV-IOALA-IF001.

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmsmartcloud_analytics_log_analysisMatch1.3.7.2

CPENameOperatorVersion
ibm smartcloud analyticseq1.3.7.2

CPE	Name	Operator	Version
	ibm smartcloud analytics	eq	1.3.7.2

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

20.6%

JSON

Related for CC1037BD0D9F0BF18455D3D0CD4FC06D384EB60816EBDE2EEE853DDB99544F8D