Tuesday, June 30, 2020

Security Bulletin: Insecure Path Attribute in IBM Operations Analytics – Log Analysis (CSRFToken, LtpaToken2)

Jun 30, 2020 8:02 pm EDT

Categorized: Medium Severity


The ‘path’ attribute signifies the URL or path for which the cookie is valid. If the path attribute is set to the web server root directory “/”, then the application, along with the hosting web server, becomes vulnerable to multiple attacks. For https://LA_HOSTNAME:9987/Unity, the path is set to “/”.
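A way to check this from captured response headers, as an added example that is not part of the bulletin or of IBM's code: it computes the path a browser will store for each Set-Cookie value (including the RFC 6265 default when Path is absent) and reports the two named cookies when that path is wider than the application's context root. The function names, token values, the /Unity/login request path and the choice of /Unity as the expected scope are assumptions made for the example.

```python
from urllib.parse import urlsplit

def default_path(request_url):
    """RFC 6265 5.1.4: the path a browser assigns when no usable Path is sent."""
    uri_path = urlsplit(request_url).path
    if not uri_path.startswith("/") or uri_path.count("/") == 1:
        return "/"
    return uri_path[: uri_path.rfind("/")]

def effective_path(set_cookie, request_url):
    """Return (name, path) as a browser would store one Set-Cookie value."""
    first, *attrs = set_cookie.split(";")
    name = first.split("=", 1)[0].strip()
    path = ""
    for attr in attrs:
        key, _, value = attr.partition("=")
        if key.strip().lower() == "path":
            path = value.strip()  # the last Path attribute wins
    if not path.startswith("/"):
        path = default_path(request_url)
    return name, path

def within_scope(cookie_path, scope):
    """True when the cookie is only sent to URLs at or below `scope`."""
    scope = scope.rstrip("/")
    return cookie_path == scope or cookie_path.startswith(scope + "/")

def audit(set_cookie_values, request_url, scope, names):
    """List (name, path) for watched cookies whose path is wider than `scope`."""
    findings = []
    for value in set_cookie_values:
        name, path = effective_path(value, request_url)
        if name in names and not within_scope(path, scope):
            findings.append((name, path))
    return findings

# Constructed sample data: token values and the /Unity/login request path are made up.
REQUEST_URL = "https://LA_HOSTNAME:9987/Unity/login"
WATCHED = {"CSRFToken", "LtpaToken2"}
WEAK = ["LtpaToken2=AAAA; Path=/; Secure; HttpOnly", "CSRFToken=BBBB; Path=/"]
SCOPED = ["LtpaToken2=AAAA; Path=/Unity; Secure; HttpOnly", "CSRFToken=BBBB"]

if __name__ == "__main__":
    print("root-scoped:", audit(WEAK, REQUEST_URL, "/Unity", WATCHED))
    print("app-scoped: ", audit(SCOPED, REQUEST_URL, "/Unity", WATCHED))
```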

Affected product(s) and affected version(s):

Affected Product(s)    Version(s)
Log Analysis           1.3.1
Log Analysis           1.3.2
Log Analysis           1.3.3
Log Analysis           1.3.4
Log Analysis           1.3.5
Log Analysis           1.3.6

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6242190



from IBM Product Security Incident Response Team https://ift.tt/3dJVQ9v
