Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMF52078C3CD6350F062D64B5C88176DBF009214F5DCC83CE7CB6761C3791B8AA3
HistoryOct 04, 2021 - 6:40 a.m.

Security Bulletin: Apache Solr, shipped with IBM Operations Analytics - Log Analysis, susceptible to multiple vulnerabilities in Apache Tika

2021-10-0406:40:18
www.ibm.com
12

EPSS

0.012

Percentile

85.2%

JSON

Summary

There are vulnerabilities in various versions of Apache Tika that affect Apache Solr. The vulnerabilities are in Vulnerability Details section.

Vulnerability Details

CVEID:CVE-2019-10094
**DESCRIPTION:**Apache Tika is vulnerable to a stack-based buffer overflow, caused by a flaw in the RecursiveParserWrapper function. By persuading a victim to unzip a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/164711 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2018-17197
**DESCRIPTION:**Apache Tika is vulnerable to a denial of service, caused by an error in the SQLite3Parser. By using a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/154701 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2020-1951
**DESCRIPTION:**Apache Tika is vulnerable to a denial of service, caused by an error in the PSDParser. By persuading a victim to open a specially-crafted PSD file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/178089 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:CVE-2019-10093
**DESCRIPTION:**Apache Tika is vulnerable to a denial of service, caused by a flaw in the SAXParsers. By persuading a victim to open a specially-crafted 2003ml or 2006ml file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/164710 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:CVE-2020-1950
**DESCRIPTION:**Apache Tika is vulnerable to a denial of service, caused by an excessive memory usage flaw in the PSDParser. By persuading a victim to open a specially-crafted PSD file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/178088 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:CVE-2020-9489
**DESCRIPTION:**Apache Tika is vulnerable to a denial of service, caused by an out of memory error and infinite loop flaw in the ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/180712 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
Log Analysis 1.3.1
Log Analysis 1.3.2
Log Analysis 1.3.3
Log Analysis 1.3.4
Log Analysis 1.3.5
Log Analysis 1.3.6
Log Analysis 1.3.7

Remediation/Fixes

Principal Product and Version(s) : Fix details
IBM Operations Analytics - Log Analysis version 1.3.x Upgrade to Log Analysis version 1.3.7 Fix Pack 1
Download the 1.3.7-TIV-IOALA-FP1

Workarounds and Mitigations

None

Related

ibm 10
openvas 6
nessus 7
osv 14
debian 1
ubuntu 1
cve 6
cvelist 6
debiancve 6
nvd 6
veracode 6
redhatcve 4
ubuntucve 6
github 6
prion 6
redhat 1
oracle 7
ibm
ibm
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Tika
2020-06-19 05:12:26
Security Bulletin: Apache Tika as used by IBM QRadar SIEM is vulnerable to a denial of service (CVE-2020-1951, CVE-2020-1950)
2020-07-13 20:36:32
Security Bulletin: Apache Tika as used by IBM QRadar SIEM is vulnerable to denial of service (CVE-2019-10088, CVE-2019-10093, CVE-2019-10094)
2019-12-20 08:47:33
openvas
openvas
Ubuntu: Security Advisory (USN-4564-1)
2020-10-07 00:00:00
Apache Tika Server 1.x <= 1.23 Multiple Vulnerabilities
2020-03-24 00:00:00
Debian: Security Advisory (DLA-2161-1)
2020-03-29 00:00:00
nessus
nessus
Debian DLA-2161-1 : tika security update
2020-03-30 00:00:00
Ubuntu 16.04 LTS : Apache Tika vulnerabilities (USN-4564-1)
2020-10-05 00:00:00
Oracle WebCenter Portal Multiple Vulnerabilities (Apr 2021 CPU)
2021-04-22 00:00:00
osv
osv
tika - security update
2020-03-28 00:00:00
tika vulnerabilities
2020-10-05 17:29:37
Apache Tika Denial of Service due to Infinite Loop in Tika's SQLite3Parser
2018-12-26 17:45:07
debian
debian
[SECURITY] [DLA 2161-1] tika security update
2020-03-28 21:12:40
ubuntu
ubuntu
Apache Tika vulnerabilities
2020-10-05 00:00:00
cve
cve
CVE-2018-17197
2018-12-24 14:29:00
CVE-2020-9489
2020-04-27 14:15:11
CVE-2019-10094
2019-08-02 19:15:11
cvelist
cvelist
CVE-2018-17197
2018-12-24 14:00:00
CVE-2019-10094
2019-08-02 18:37:52
CVE-2020-9489
2020-04-27 13:25:27
debiancve
debiancve
CVE-2018-17197
2018-12-24 14:29:00
CVE-2019-10094
2019-08-02 19:15:11
CVE-2020-9489
2020-04-27 14:15:11
nvd
nvd
CVE-2018-17197
2018-12-24 14:29:00
CVE-2020-9489
2020-04-27 14:15:11
CVE-2019-10093
2019-08-02 19:15:11
veracode
veracode
Denial Of Service (DoS)
2018-12-24 03:26:35
Denial Of Service (DoS)
2020-04-27 12:54:57
Denial Of Service (DoS)
2019-08-05 07:37:43
redhatcve
redhatcve
CVE-2018-17197
2019-01-07 10:20:00
CVE-2020-9489
2020-06-23 13:25:32
CVE-2020-1951
2022-05-20 23:59:21
ubuntucve
ubuntucve
CVE-2020-9489
2020-04-27 00:00:00
CVE-2018-17197
2018-12-24 00:00:00
CVE-2019-10093
2019-08-02 00:00:00
github
github
Missing Release of Memory after Effective Lifetime in Apache Tika
2021-05-07 15:53:40
Apache Tika Denial of Service due to Infinite Loop in Tika's SQLite3Parser
2018-12-26 17:45:07
Allocation of Resources Without Limits or Throttling in Apache Tika
2019-08-06 01:43:38
prion
prion
Code injection
2018-12-24 14:29:00
Design/Logic Flaw
2020-04-27 14:15:00
Code injection
2019-08-02 19:15:00
redhat
redhat
(RHSA-2020:5568) Important: Red Hat Fuse 7.8.0 release and security update
2020-12-16 12:07:05
oracle
oracle
Oracle Critical Patch Update Advisory - October 2020
2020-10-20 00:00:00
Oracle Critical Patch Update Advisory - April 2020
2020-04-14 00:00:00
Oracle Critical Patch Update Advisory - January 2020
2020-01-14 00:00:00

EPSS

0.012

Percentile

85.2%

JSON
Related for F52078C3CD6350F062D64B5C88176DBF009214F5DCC83CE7CB6761C3791B8AA3
ibm10openvas6nessus7osv14debian1ubuntu1cve6cvelist6debiancve6nvd6veracode6redhatcve4ubuntucve6github6prion6redhat1oracle7