Security Bulletin: Clickjacking vulnerability in IBM Operations Analytics - Log Analysis (CVE-2019-4215)

2019-12-2008:47:33

www.ibm.com

0.001 Low

EPSS

Percentile

40.1%

JSON

Summary

There is a clickjacking vulnerability in IBM Operations Analytics - Log Analysis

Vulnerability Details

CVEID:CVE-2019-4215
DESCRIPTION:
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/159186 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
Log Analysis	1.3.1
Log Analysis	1.3.2
Log Analysis	1.3.3
Log Analysis	1.3.4
Log Analysis	1.3.5

Remediation/Fixes

Principal Product and Version(s)	Fix details
IBM Operations Analytics - Log Analysis version 1.3.1, 1.3.2, 1.3.3, 1.3.3.1 and 1.3.5	Upgrade from current Log Analysis version to Log Analysis 1.3.6

You can download the respective platform from Passport Advantage using part number

Part No Part Name
CC3VNEN : IBM Operations Analytics Log Analysis Managed - Device based v1.3.6 Linux 64 bit ALL editions English
CC3VPEN : IBM Operations Analytics Log Analysis Managed - Device based v1.3.6 zLinux 64 bit ALL editions English
CC3VQEN : IBM Operations Analytics Log Analysis Managed - Device based v1.3.6 Power8 ppc64le ALL editions English

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm smartcloud analyticseq1.3.1
ibm smartcloud analyticseq1.3.2
ibm smartcloud analyticseq1.3.3
ibm smartcloud analyticseq1.3.4
ibm smartcloud analyticseq1.3.5

Name	Operator	Version
ibm smartcloud analytics	eq	1.3.1
ibm smartcloud analytics	eq	1.3.2
ibm smartcloud analytics	eq	1.3.3
ibm smartcloud analytics	eq	1.3.4
ibm smartcloud analytics	eq	1.3.5

0.001 Low

EPSS

Percentile

40.1%

JSON

Related for E96ABECBCB365CD357E2399E709DE4B97ED095A32F0947BBEE2C5C1EA4A7AE7E