Monday, September 28, 2020

Security Bulletin: Aspera on Cloud CVE-2020-8184

Sep 28, 2020 8:00 pm EDT

Categorized: Medium Severity

Share this post:

A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix. Prior to discovery of this vulnerability, Aspera on Cloud used rack gem V2.2.2. Once the vulnerability was identified the version of rack gem used was upgraded to V2.2.3, which does not contain this vulnerability. Affected product(s) and affected version(s):

Affected Product(s) Version(s)
Aspera on Cloud All

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6338791



from IBM Product Security Incident Response Team https://ift.tt/30gwrjK

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.