Friday, August 28, 2020

Security Bulletin: Query Parameter in SSL vulnerability in IBM Operations Analytics – Log Analysis

Aug 28, 2020 8:00 pm EDT

Categorized: Low Severity

Share this post:

When session timeout occurs, Log Analysis UI asks to re-enter the password. Requests sent over SSL contain the query parameter name, value or combination of values like username and password.

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
Log Analysis 1.3.1
Log Analysis 1.3.2
Log Analysis 1.3.3
Log Analysis 1.3.4
Log Analysis 1.3.5
Log Analysis 1.3.6

 

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6324045



from IBM Product Security Incident Response Team https://ift.tt/32DoPrI

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.