Lucene search

9 matches found

IBM Security Bulletins
added 2019/02/08 5:15 a.m., 20 views

Security Bulletin: Missing Secure HTTP Headers

Summary: During internal penetration testing we identified that the IBM i2 Enterprise Insight Analysis application could be made more secure with the addition of some HTTP headers. Vulnerability Details: CVEID: CVE-2018-1525 DESCRIPTION: IBM i2 Intelligent Analysis Platform could allow a remote...

CVSS: 6.1, AI score: 0.8, EPSS: 0.00149
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2019/02/06 10:50 p.m., 37 views

Security Bulletin: IBM i2 Enterprise Insight Analysis. CVE-2018-12539

Summary: IBM i2 Enterprise Insight Analysis is delivered with the IBM Java Runtime. A vulnerability was discovered in the IBM Java Runtime that can leave the product vulnerable to attacks allowing arbitrary code to be injected. Vulnerability Details: CVEID: CVE-2018-12539 DESCRIPTION: Eclipse OpenJ...

CVSS: 7.8, AI score: 0.5, EPSS: 0.00048
Exploits: 0, Affected Software: 1
Prion
added 2018/12/06 2:29 p.m., 14 views

Information disclosure

IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM...

CVSS: 4.3, AI score: 5.3, EPSS: 0.00122
Exploits: 0, References: 2, Affected Software: 1
Prion
added 2018/12/06 2:29 p.m., 10 views

Design/Logic Flaw

IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks...

CVSS: 4.3, AI score: 6.1, EPSS: 0.00149
Exploits: 0, References: 2, Affected Software: 1
NVD
added 2018/12/06 2:29 p.m., 15 views

CVE-2018-1505

IBM i2 Enterprise Insight Analysis 2.1.7 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 141413...

CVSS: 4, AI score: 3.6, EPSS: 0.00042
Exploits: 0, References: 2
Cvelist
added 2018/12/06 2:0 p.m., 13 views

CVE-2018-1504

IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks...

CVSS: 6.1, AI score: 6.1, EPSS: 0.00149
Exploits: 0, References: 2
Cvelist
added 2018/12/06 2:0 p.m., 12 views

CVE-2018-1525

IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM...

CVSS: 5.9, AI score: 5.4, EPSS: 0.00122
Exploits: 0, References: 2
IBM Security Bulletins
added 2018/09/29 8:22 p.m., 17 views

Security Bulletin: CVE-2017-7660: Security Vulnerability in secure inter-node communication in Apache Solr

Summary: A potential security vulnerability has been identified for systems that are set up to use basic authentication. The version of Solr that is included with both IBM i2 Enterprise Insight Analysis and IBM i2 Analyze is affected, and has been patched in the latest fix pack. Vulnerability...

AI score: 1.6, EPSS: 0.00335
Exploits: 1, Affected Software: 2
IBM Security Bulletins
added 2018/09/29 8:22 p.m., 12 views

Security Bulletin: Onyx link security (PO07142)

Summary: Links that have the same access levels as their ends, but receive them through different security settings, are not returned correctly in search results. This can result in search results being incorrectly removed. Vulnerability Details: This issue affects systems that use IBM i2 Analyze...

AI score: 0.5
Exploits: 0