An unauthenticated configset upload vulnerability in Apache Solr that affects IBM Operations Analytics - Log Analysis has been addressed.
CVEID: CVE-2020-13957
**DESCRIPTION:** Apache Solr could allow a remote attacker to bypass security restrictions, caused by improper access control by the Configsets API. By using a combination of UPLOAD/CREATE actions, an attacker could exploit this vulnerability to bypass the checking mechanism for features considered as dangerous.
CVSS Base score: 9.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/189644 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L)
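One way to check request logs for the UPLOAD/CREATE pattern described above (an added example, not part of this bulletin or of Solr's code). It assumes Common Log Format request logs in which the user field is `-` for unauthenticated requests and the Configsets API is served at `/solr/admin/configs`; the sample lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Common Log Format (assumed format; not from the bulletin).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Oct/2020:10:01:02 +0000] "POST /solr/admin/configs?action=UPLOAD&name=cs1 HTTP/1.1" 200 120
198.51.100.7 - - [12/Oct/2020:10:01:09 +0000] "GET /solr/admin/configs?action=CREATE&name=cs2 HTTP/1.1" 200 98
10.0.0.5 - solradmin [12/Oct/2020:10:05:00 +0000] "POST /solr/admin/configs?action=UPLOAD&name=prod HTTP/1.1" 200 120
203.0.113.9 - - [12/Oct/2020:10:06:00 +0000] "GET /solr/admin/configs?action=LIST HTTP/1.1" 200 64
203.0.113.9 - - [12/Oct/2020:10:07:00 +0000] "GET /solr/collection1/select?q=*:* HTTP/1.1" 200 512
"""

# host ident authuser [time] "METHOD target PROTO" status
LINE_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
CONFIGSETS_PATH = "/solr/admin/configs"  # assumed URL prefix for this deployment
WATCHED = {"UPLOAD", "CREATE"}           # the two actions named in the description

def find_unauthenticated_configset_calls(log_text):
    """Return {client: [actions]} for successful UPLOAD/CREATE calls with no user."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        client, user, _method, target, status = m.groups()
        url = urlsplit(target)
        if url.path.rstrip("/") != CONFIGSETS_PATH:
            continue
        action = parse_qs(url.query).get("action", [""])[0].upper()
        if action in WATCHED and user == "-" and status.startswith("2"):
            hits[client].append(action)
    return dict(hits)

def triage(hits):
    """HIGH when one client did UPLOAD and then CREATE; otherwise REVIEW."""
    result = {}
    for client, actions in hits.items():
        chained = "UPLOAD" in actions and "CREATE" in actions[actions.index("UPLOAD"):]
        result[client] = "HIGH" if chained else "REVIEW"
    return result

if __name__ == "__main__":
    for client, level in triage(find_unauthenticated_configset_calls(SAMPLE_LOG)).items():
        print(level, client)
```
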
Affected Product(s) | Version(s) |
---|---|
Log Analysis | 1.3.5.3 |
Principal Product and Version(s) : | Fix details |
---|---|
IBM Operations Analytics - Log Analysis version 1.3.5.3 | Upgrade to Log Analysis version 1.3.6.0 or later |
Download the 1.3.6-TIV-IOALA-FP000 here.
None