High Severity

IBM Security Bulletin: Potential vulnerability related to Unsafe Deserialization in Apache Solr shipped with IBM Operations Analytics – Log Analysis (CVE-2019-0192)

Share this post:

In Solr the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of unsafe deserialization in Solr to trigger remote code execution on the Solr side.

CVE(s): CVE-2019-0192

Affected product(s) and affected version(s):
IBM Operations Analytics – Log Analysis version 1.3.1, 1.3.2, 1.3.3, 1.3.4 and 1.3.5

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10881886
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157932

More stories

IBM Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM

May 18, 2019 9:02 am EDT | High Severity

PowerKVM is affected by vulnerabilities in the Linux Kernel. IBM has now addressed these vulnerabilities. CVE(s): CVE-2018-1000026, CVE-2018-18559, CVE-2018-14634, CVE-2018-14633, CVE-2018-13405, CVE-2018-10940, CVE-2018-10883, CVE-2018-10881, CVE-2018-10879, CVE-2018-10878, CVE-2018-8781, CVE-2018-7757, CVE-2018-7740, CVE-2018-5803, CVE-2018-5344, CVE-2018-1130, CVE-2018-1094, CVE-2018-1092, CVE-2017-18344, CVE-2017-18232, CVE-2017-18208, CVE-2017-17805, CVE-2017-10661, CVE-2017-0861, CVE-2016-4913, CVE-2015-8830, CVE-2019-6974, CVE-2018-17972, CVE-2018-9568 Affected product(s) and affected version(s): PowerKVM 3.1 Refer to the ...read more


IBM Security Bulletin: A vulnerability in OpenWSMAN affects PowerKVM

May 18, 2019 9:01 am EDT | High Severity

PowerKVM is affected by a vulnerability in OpenWSMAN. IBM has now addressed this vulnerability. CVE(s): CVE-2019-3816 Affected product(s) and affected version(s): PowerKVM 3.1 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10879789X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158792 ...read more


IBM Security Bulletin: Vulnerabiliies in libssh2 affect PowerKVM

May 18, 2019 9:01 am EDT | High Severity

PowerKVM is affected by vulnerabilities in libssh2. IBM has now addressed these vulnerabilities. CVE(s): CVE-2019-3863, CVE-2019-3857, CVE-2019-3856, CVE-2019-3855 Affected product(s) and affected version(s): PowerKVM 3.1 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10878989X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158347X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158341X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158340X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158339 ...read more