Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Operations Analytics Predictive Insights (CVE-2020-4449)

Summary Websphere Application Server WAS is shipped as a component of IBM Operations Analytics Predictive Insights. Information about a security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Operations Analytics Predictive Insights (CVE-2020-4329)

Summary Websphere Application Server WAS is shipped as a component of IBM Operations Analytics Predictive Insights. Information about a security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: Multiple vulnerabilities in IBM DB2 affect IBM Operations Analytics Predictive Insights (CVE-2020-4230, CVE-2020-4135, CVE-2020-4200, CVE-2020-4161, CVE-2020-4204)

Summary There are multiple vulnerabilities in IBM® DB2 used by IBM Operations Analytics Predictive Insights 1.3.6 and earlier. IBM Operations Analytics Predictive Insights has addressed the applicable CVEs. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

Security Bulletin: Query Parameter in SSL vulnerability in IBM Operations Analytics - Log Analysis

Summary When session timeout occurs, Log Analysis UI asks to re-enter the password. Requests sent over SSL contain the query parameter name, value or combination of values like username and password. Vulnerability Details Third Party Entry: PSIRT-ADV0022529 DESCRIPTION: Created from Advisory:...

Security Bulletin: Vulnerability exposure ( deferred from Oracle Jan 2020 Java CPU ) in IBM Java SDK affects IBM Operations Analytics Predictive Insights

Summary Vulnerability exposure CVE-2020-2654 deferred from Oracle Jan 2020 CPU in IBM® SDK Java™ may affect Java SDK used in IBM Operations Analytics Predictive Insights 1.3.6. IBM Operations Analytics Predictive Insights has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2020-265...

Security Bulletin: Multiple vulnerabilities in IBM DB2 affect IBM Operations Analytics Predictive Insights ( CVE-2020-4135, CVE-2020-4200, CVE-2020-4204)

Summary There are multiple vulnerabilities in IBM® DB2, Version 10.5 that is used by IBM Operations Analytics Predictive Insights 1.3.6 and earlier. IBM Operations Analytics Predictive Insights has addressed the applicable CVEs. Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: Vulnerability in Netty 4.1.x before 4.1.46 affects IBM Operations Analytics Predictive Insights (CVE-2020-11612)

Summary Netty 4.1.x before 4.1.46 is used by IBM Operations Analytics Predictive Insights. IBM Operations Analytics Predictive Insights has addressed the applicable CVE. See Remediation/Fixes section to apply the recommended fixes. Vulnerability Details CVEID: CVE-2020-11612 DESCRIPTION: Netty is...

Security Bulletin: A vulnerability in Apache Spark 2.4.5 and earlier affects IBM Operations Analytics Predictive Insights (CVE-2020-9480)

Summary Apache Spark is used by IBM Operations Analytics Predictive Insights. IBM Operations Analytics Predictive Insights has addressed the applicable CVE. See the Remediation/Fixes section and apply the recommended fixes. Vulnerability Details CVEID: CVE-2020-9480 DESCRIPTION: Apache Spark coul...

Security Bulletin: A vulnerability in WebSphere Application Server ND affects IBM Operations Analytics Predictive Insights (CVE-2020-4448)

Summary Websphere Application Server WAS is shipped as a component of IBM Operations Analytics Predictive Insights. Information about a remote code execution security vulnerability affecting WAS Network Deployment has been published in a security bulletin. Vulnerability Details Refer to the...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM Operations Analytics Predictive Insights

Summary There are multiple vulnerabilities in IBM® SDK, Java Technology Edition Quarterly CPU, Apr 2020, which Includes Oracle Apr 2020 CPU minus CVE-2020-2773. Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Lightweight HTTP Server. Vulnerability in the Java S...

Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Operations Analytics Predictive Insights (CVE-2020-4450)

Summary Websphere Application Server WAS is shipped as a component of IBM Operations Analytics Predictive Insights. Information about a security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: Vulnerabilities in Faster-XML jackson databind affects IBM Operations Analytics Predictive Insights (CVE-2019-14060, CVE-2019-14661, CVE-2019-14662)

Summary Faster-XML Jackson Databind is used by IBM Operations Analytics Predictive Insights. IBM Operations Analytics Predictive Insights has addressed the applicable CVEs. Note that the usage of Jackson Databind within IBM Operations Analytics Predictive Insights is limited to the REST Mediation...

Security Bulletin: A vulnerability in Faster-XML jackson databind affects IBM Operations Analytics Predictive Insights (CVE-2019-144892, CVE-2019-144893)

Summary Faster-XML Jackson Databind is used by IBM Operations Analytics Predictive Insights. IBM Operations Analytics Predictive Insights has addressed the applicable CVEs. Note that the usage of Jackson Databind within IBM Operations Analytics Predictive Insights is limited to the REST Mediation...

Security Bulletin: Vulnerabilities in Apache Camel's JMX, Apache Camel RabbitMQ and Apache Camel Netty affects IBM Operations Analytics Predictive Insights (CVE-2020-11971, CVE-2020-11972, CVE-2020-11973)

Summary Apache Camel's JMX, Apache Camel RabbitMQ and Apache Camel Netty are used by IBM Operations Analytics Predictive Insights. IBM Operations Analytics Predictive Insights has addressed the applicable CVEs. See Remediation/Fixes section to apply the recommended fixes. Vulnerability Details...

Security Bulletin: A vulnerability in Jackson Databind affects IBM Operations Analytics Predictive Insights (CVE-2020-8840)

Summary Jackson Databind is used by IBM Operations Analytics Predictive Insights. IBM Operations Analytics Predictive Insights has addressed the applicable CVE. Note that the usage of Jackson Databind within IBM Operations Analytics Predictive Insights is limited to the REST Mediation utility. If...

Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Operations Analytics Predictive Insights (CVE-2020-4163)

Summary Websphere Application Server WAS is shipped as a component of IBM Operations Analytics Predictive Insights. Information about a security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: Host Header Injection vulnerability in IBM Operations Analytics - Log Analysis (pre-login scenario)

Summary HTTP Host header value is use to generate links, import scripts and generate password resets. The value can be controlled by attacker and be exploited using web-cache poisoning and alternative channels. In Log Analysis, host header injection can be exploited to run scripts in the context ...

Security Bulletin: Cross site Scripting (Reflected) vulnerability in IBM Operations Analytics - Log Analysis

Summary Input fields accept some HTML special tags as part of input which can be used subsequently to send/include malicious request by external user to steal sensitive information from the applicaiton. Vulnerability Details Third Party Entry: PSIRT-ADV0022528 DESCRIPTION: Created from Advisory:...

Security Bulletin: Insecure Path Attribute in IBM Operations Analytics - Log Analysis (CSRFToken , LtpaToken2)

Summary The 'path' attribute signifies the URL or path for which the cookie is valid. If the path attribute is set to the web server root "/"directory, then the application along with the hosting web server becomes vulnerable to multiple attacks. The path is set to "/" -...

Security Bulletin: Content Spoofing vulnerability in IBM Operations Analytics - Log Analysis

Summary Content spoofing is an attack where an attacker place his/her text content in a legitimate page and misguide the legitimate application users. Vulnerability Details Third Party Entry: PSIRT-ADV0022524 DESCRIPTION: Created from Advisory: ADV0022524 CVSS Base score: 4.3 CVSS Vector:...