Security Bulletin
Summary
Apache Cassandra is used by IBM Operations Analytics Predictive Insights. IBM Operations Analytics Predictive Insights has addressed the applicable CVE.
Note that the usage of Apache Cassandra within IBM Operations Analytics Predictive Insights is limited to the REST Mediation utility. If you do not use that utility then you are not affected by this bulletin.
Vulnerability Details
CVEID: CVE-2018-8016
Description: Apache Cassandra could allow a remote attacker to execute arbitrary code on the system, caused by the binding of an unauthenticated JMX/RMI interface to all network interfaces. An attacker could exploit this vulnerability using an RMI request to execute arbitrary code on the system with the privileges of the victim.
CVSS Base Score: 7.3
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/145402 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Affected Products and Versions
IBM Operations Analytics Predictive Insights v1.3.6
Remediation/Fixes
The readme in the downloaded artifact includes instructions about how to update the Cassandra version.
Workarounds and Mitigations
None
Get Notified about Future Security Bulletins
References
Change History
02 November 2018: Original version published
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Was this topic helpful?
Document Information
Modified date:
05 November 2018
UID
ibm10738363