16 matches found
Security Bulletin: Missing Secure HTTP Headers
Summary: During internal penetration testing we identified that the IBM i2 Enterprise Insight Analysis application could be made more secure with the addition of some HTTP headers. Vulnerability Details: CVEID: CVE-2018-1525 DESCRIPTION: IBM i2 Intelligent Analysis Platform could allow a remote...
Security Bulletin: IBM i2 Enterprise Insight Analysis. CVE-2018-12539
Summary: IBM i2 Enterprise Insight Analysis is delivered with the IBM Java Runtime. A vulnerability was discovered in the IBM Java Runtime that can leave the product vulnerable to attacks allowing arbitrary code to be injected. Vulnerability Details: CVEID: CVE-2018-12539 DESCRIPTION: Eclipse OpenJ...
IBM i2 Enterprise Insight Analysis Clickjacking Vulnerability
IBM i2 Enterprise Insight Analysis is a suite of data analytics and integration solutions from IBM USA. The product is characterized by interoperability and scalability. A clickjacking vulnerability exists in IBM i2 Enterprise Insight Analysis version 2.1.7, which can be exploited by remote...
IBM i2 Enterprise Insight Analysis Information Disclosure Vulnerability (CNVD-2018-26230)
IBM i2 Enterprise Insight Analysis is a suite of data analytics and integration solutions from IBM USA. The product is characterized by interoperability and scalability. An information disclosure vulnerability exists in IBM i2 Enterprise Insight Analysis version 2.1.7, which originates when a...
CVE-2018-1525
IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM...
Information disclosure
IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM...
CVE-2018-1525
IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM...
CVE-2018-1505
IBM i2 Enterprise Insight Analysis 2.1.7 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 141413...
CVE-2018-1505
IBM i2 Enterprise Insight Analysis 2.1.7 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 141413...
CVE-2018-1504
IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks...
CVE-2018-1504
CVE-2018-1504 affects IBM i2 Enterprise Insight Analysis 2.1.7. A remote attacker could persuade a victim to visit a malicious site to hijack the victim’s click actions (clickjacking), potentially enabling further attacks. The provided documents do not include explicit exploit details or a confir...
CVE-2018-1525
IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM...
CVE-2018-1525
IBM i2 Enterprise Insight Analysis 2.1.7 is affected by a vulnerability where HTTP Strict Transport Security was not properly enabled, enabling potential information disclosure via man-in-the-middle attacks. The IBM bulletin indicates the issue lies in missing secure headers and notes an upgrade ...
CVE-2018-1505
IBM i2 Enterprise Insight Analysis 2.1.7 is affected by an information disclosure vulnerability where web pages can be stored locally and read by another user on the same system. The IBM bulletin indicates remediation by upgrading to the 2.2.0 release (updates include added secure headers; applie...
Security Bulletin: CVE-2017-7660: Security Vulnerability in secure inter-node communication in Apache Solr
Summary: A potential security vulnerability has been identified for systems that are set up to use basic authentication. The version of Solr that is included with both IBM i2 Enterprise Insight Analysis and IBM i2 Analyze is affected, and has been patched in the latest fix pack. Vulnerability...
Security Bulletin: Onyx link security (PO07142)
Summary: Links that have the same access levels as their ends, but receive them through different security settings, are not returned correctly in search results. This can result in search results being incorrectly removed. Vulnerability Details: This issue affects systems that use IBM i2 Analyze...