Friday, February 28, 2020

Security Bulletin: IBM Security Information Queue has overly permissive CORS policy (CVE-2020-4292)

The cross-origin resource sharing (CORS) policy in IBM Security Information Queue (ISIQ) is too permissive. It allows all origins to access the ISIQ Web Server resources when such cross-domain accesses are unnecessary for ISIQ functionality. As of v1.0.5, ISIQ no longer permits cross-origin resource sharing.

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/5390193

The post Security Bulletin: IBM Security Information Queue has overly permissive CORS policy (CVE-2020-4292) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ift.tt/3cjMW2Y

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.