2 matches found
CVE-2020-4292
CVE-2020-4292 affects IBM Security Information Queue (ISIQ) versions 1.0.0–1.0.4. The issue is an overly permissive cross-origin resource sharing (CORS) policy that can disclose sensitive information by including untrusted domains in the policy. The IBM bulletin confirms the root cause as the cro...
Security Bulletin: IBM Security Information Queue has overly permissive CORS policy (CVE-2020-4292)
Summary The cross-origin resource sharing CORS policy in IBM Security Information Queue ISIQ is too permissive. It allows all origins to access the ISIQ Web Server resources when such cross-domain accesses are unnecessary for ISIQ functionality. As of v1.0.5, ISIQ no longer permits cross-origin...