Security Bulletin: Apache Commons Compress vulnerability has been identified in WebSphere Application Server Liberty shipped with IBM Operations Analytics - Log Analysis (CVE-2019-12402)

Summary Websphere Application Server Liberty is shipped with IBM Operations Analytics - Log Analysis. Information about the security vulnerability affecting WAS Liberty has been published in a security bulletin. Vulnerability Details Refer to the security bulletinss listed in the Remediation/Fixe...

Security Bulletin: Information disclosure in WebSphere Application Server Liberty affect IBM Operations Analytics - Log Analysis (CVE-2014-3603)

Summary Man in the middle vulnerability CVE-2014-3603 affects Websphere Liberty and OpenLiberty Vulnerability Details Refer to the security bulletinss listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- Log Analysis| 1.3.1 Log Analysis| 1.3.2...

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by stack displayed in WebSphere Application Server (CVE-2019-4441)

Summary Java stack trace is displayed in WebSphere Application Server Vulnerability Details CVEID: CVE-2019-4441 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browse...

Security Bulletin: Bypass security restrictions in WebSphere Application Server Liberty affect IBM Operations Analytics - Log Analysis (CVE-2019-4304)

Summary Inadequate session invalidation allow bypass security restrictions in WebSphere Application Server Liberty Vulnerability Details CVEID: CVE-2019-4304 DESCRIPTION: IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security restrictions caused by improper...

Security Bulletin: A vulnerability in IBM Java SDK affects IBM Operations Analytics Predictive Insights October 2019 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 Service Refresh 10 Fix Pack 1 that is used by IBM Operations Analytics Predictive Insights 1.3.5 and earlier. There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 Service Refre...

Security Bulletin: Log Analysis is vulnerable to a client side scripting attack due to missing HTTPOnly and Secure attribute in the cookie

Summary A remote attacker is able to obtain sensitive information cause by the failure to set the HttpOnly and Secure attribute in the cookie. This allow attacker to intercept the transmission and obtain information from the cookie in clear text Vulnerability Details CVEID: CVE-2019-4214...

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by an Apache Zookeeper vulnerability (CVE-2019-4244)

Summary IBM Operations Analytics - Log Analysis has addressed the following vulnerability in Apache ZooKeeper. CVEs: CVE-2019-4244 Vulnerability Details CVEID: CVE-2019-4244 DESCRIPTION: CVSS Base score: 9.1 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/159518 for...

Security Bulletin: Clickjacking vulnerability in IBM Operations Analytics - Log Analysis (CVE-2019-4215)

Summary There is a clickjacking vulnerability in IBM Operations Analytics - Log Analysis Vulnerability Details CVEID: CVE-2019-4215 DESCRIPTION: CVSS Base score: 6.1 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/159186 for the current score. CVSS Vector:...

Security Bulletin: A vulnerability in Apache Solr (lucene) affects IBM Operations Analytics - Log Analysis (CVE-2019-4243)

Summary A vulnerability on unrestricted access was addressed by IBM Operations Analytics - Log Analysis. Vulnerability Details CVEID: CVE-2019-4243 DESCRIPTION: CVSS Base score: 5.1 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/159517 for the current score. CVSS...

Security Bulletin: IBM Operations Analytics - Log Analysis is vulnerable to potential Host Header Injection (CVE-2019-4216)

Summary IBM Operations Analytics - Log Analysis is vulnerable to HTTP header injection, as attacker can abuse the HTTP Host header. Vulnerability Details CVEID: CVE-2019-4216 DESCRIPTION: CVSS Base score: 4.6 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/159187 fo...

IBM Operations Analytics-Log Analysis Information Disclosure Vulnerability

IBM Operations Analytics-Log Analysis is a set of semi-structured data analysis solutions from IBM USA. The product is mainly used for application log analysis and problem diagnosis and so on. An information disclosure vulnerability exists in IBM Operations Analytics-Log Analysis, which stems fro...

IBM Operations Analytics-Log Analysis Unrestricted Access Vulnerability

IBM Operations Analytics-Log Analysis is a set of semi-structured data analysis solutions from IBM USA. The product is mainly used for application log analysis and problem diagnosis and so on. A security vulnerability exists in IBM Operations Analytics-Log Analysis. No detailed vulnerability...

IBM Operations Analytics-Log Analysis Clickjacking Vulnerability

IBM Operations Analytics-Log Analysis is a set of semi-structured data analysis solutions from IBM USA. The product is mainly used for application log analysis and problem diagnosis and so on. A security vulnerability exists in IBM Operations Analytics-Log Analysis. No detailed vulnerability...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Operations Analytics Predictive Insights (CVE-2019-4268)

Summary Websphere Application Server WAS is shipped as a component of IBM Operations Analytics Predictive Insights. Information about a security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Please consult the security bulletin File traversal...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Operations Analytics Predictive Insights (CVE-2019-4270)

Summary Websphere Application Server WAS is shipped as a component of IBM Operations Analytics Predictive Insights. Information about a security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Please consult the security bulletin Cross-site scripting...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Operations Analytics Predictive Insights (CVE-2019-4442)

Summary Websphere Application Server WAS is shipped as a component of IBM Operations Analytics Predictive Insights. Information about a security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Please consult the security bulletin Path traversal...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Operations Analytics Predictive Insights July 2019 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 Service Refresh 10 Fix Pack 1 that is used by IBM Operations Analytics Predictive Insights 1.3.5 and earlier. There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 Service Refre...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Operations Analytics Predictive Insights April 2019 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 Service Refresh 10 Fix Pack 1 that is used by IBM Operations Analytics Predictive Insights 1.3.5 and earlier. There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 Service Refre...

Security Bulletin: Potential denial of service vulnerability in WebSphere Application Server affect IBM Operations Analytics - Log Analysis (CVE-2019-4046)

Summary WebSphere Application Server is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of Memory. Vulnerability Details CVEID: CVE-2019-4046 DESCRIPTION: IBM WebSphere Application Serve...

Security Bulletin: Potential vulnerability related to Unsafe Deserialization in Apache Solr shipped with IBM Operations Analytics - Log Analysis (CVE-2019-0192)

Summary In Solr the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of unsafe deserialization in Solr to trigger remote code execution on the Solr side. Vulnerability Details CVEID: CVE-2019-0192...