The cross-origin resource sharing (CORS) policy in IBM Security Information Queue (ISIQ) is too permissive. It allows all origins to access the ISIQ Web Server resources when such cross-domain accesses are unnecessary for ISIQ functionality. As of v1.0.5, ISIQ no longer permits cross-origin resource sharing.
Affected product(s) and affected version(s):
| Affected Product(s) | Version(s) |
| IBM Security Information Queue (ISIQ) | 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/5390193
The post Security Bulletin: IBM Security Information Queue has overly permissive CORS policy (CVE-2020-4292) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/3cjMW2Y
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.