Security Bulletin: Multiple vulnerabilities in IBM InfoSphere Optim Workload Replay (CVE-2015-1894, CVE-2015-1895)

Summary Multiple vulnerabilities have been identified in IBM® InfoSphere® Optim™ Workload Replay, allowing an attacker to obtain information or gain access to data and operations that are restricted to authorized users. Vulnerability Details CVEID: CVE-2015-1894 DESCRIPTION: IBM Optim Workload...

Authorization

IBM InfoSphere Optim Workload Replay 2.x before 2.1.0.3 relies on client-side code to verify authorization, which allows remote attackers to bypass intended access restrictions by modifying the client behavior...

CVE-2015-1894

CVE-2015-1894 affects IBM InfoSphere Optim Workload Replay. The IBM advisory identifies a cross-site request forgery due to improper validation of user input that could let an attacker hijack an authenticated user’s session to perform actions, potentially enabling cross-site scripting through cra...

CVE-2015-1895

CVE-2015-1895 affects IBM InfoSphere Optim Workload Replay. The IBM bulletin confirms a vulnerability where “2.x before 2.1.0.3 relies on client-side code to verify authorization,” enabling a remote attacker to bypass authorization checks and gain unauthorized access to user actions. Affected ver...

IBM Optim Workload Replay Security Bypass Vulnerability

IBM InfoSphere Optim Workload Replay is an IBM solution for replaying real database production activities and providing reports on the impact of changes and identifying problems quickly. A security vulnerability exists in IBM Optim Workload Replay. The vulnerability allows an attacker to bypass...