Tuesday, June 30, 2020

Security Bulletin: Host Header Injection vulnerability in IBM Operations Analytics – Log Analysis (pre-login scenario)

Jun 30, 2020 8:02 pm EDT

Categorized: Medium Severity


The HTTP Host header value is used to generate links, import scripts and generate password resets. The value can be controlled by an attacker and exploited using web-cache poisoning and alternative channels. In Log Analysis, host header injection can be exploited to run scripts in the context of the application by remote file inclusion, in a particular pre-login scenario.
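The pattern described above, as an added example that is not taken from IBM's bulletin or from Log Analysis code: a URL builder that trusts the Host header beside one that only uses Host to accept or reject the request and takes the origin from configuration. The function names, PUBLIC_ORIGIN, ALLOWED_HOSTS and every host name are assumptions constructed for the illustration.

```python
from urllib.parse import quote

# Assumptions (constructed): the deployment's public origin and the Host
# values it is willing to answer for.
PUBLIC_ORIGIN = "https://logs.example.internal:8443"
ALLOWED_HOSTS = {"logs.example.internal:8443", "logs.example.internal"}


def host_values(headers):
    """All Host header values; header names are case-insensitive.

    headers is a list of (name, value) pairs so duplicates stay visible.
    """
    return [v.strip() for k, v in headers if k.lower() == "host"]


def url_from_host_header(headers, path):
    """Weak pattern: the client-supplied Host becomes the origin of the URL."""
    return "https://" + host_values(headers)[0] + quote(path)


def url_from_config(headers, path):
    """Hardened pattern: Host only gates the request; origin comes from config."""
    values = host_values(headers)
    # Reject a missing or duplicated Host and anything off the allowlist.
    # X-Forwarded-Host and similar override headers are never consulted.
    if len(values) != 1 or values[0].lower() not in ALLOWED_HOSTS:
        return None  # caller answers 400 Bad Request and renders nothing
    return PUBLIC_ORIGIN + quote(path)


if __name__ == "__main__":
    # Constructed requests for a pre-login page that imports a script.
    normal = [("Host", "logs.example.internal:8443")]
    spoofed = [("Host", "untrusted.example"),
               ("X-Forwarded-Host", "untrusted.example")]
    for request in (normal, spoofed):
        print(url_from_host_header(request, "/login/app.js"),
              "|", url_from_config(request, "/login/app.js"))
```

Because the hardened builder never reflects request data into the origin, a cached copy of the page cannot carry a foreign script or reset link even if a crafted request reaches the cache.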

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
Log Analysis 1.3.1
Log Analysis 1.3.2
Log Analysis 1.3.3
Log Analysis 1.3.4
Log Analysis 1.3.5
Log Analysis 1.3.6

 

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6242210



from IBM Product Security Incident Response Team https://ift.tt/2Agrwp4
