71 matches found
Design/Logic Flaw
IBM SmartCloud Analytics 1.3.1 through 1.3.5 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM X-Force ID: 159187...
CVE-2019-4215
IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks...
CVE-2019-4216
CVE-2019-4216 affects IBM Operations Analytics - Log Analysis (formerly SmartCloud/Log Analysis) versions 1.3.1–1.3.5. The vulnerability is a host header injection in HTTP requests, which could lead to HTTP cache poisoning or firewall bypass. The IBM security bulletin confirms the affected versio...
CVE-2019-4214
CVE-2019-4214 affects IBM SmartCloud Analytics / IBM Operations Analytics - Log Analysis versions 1.3.1–1.3.5. The issue is that authorization tokens and session cookies lack the Secure attribute, potentially allowing sensitive information to be exposed via MITM attacks. The NVD/NVD-derived data ...
CVE-2019-4214
IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 159185...
Security Bulletin: IBM SmartCloud Analytics - Log Analysis is affected by Open Source Python Vulnerability (CVE-2014-9365)
Summary IBM SmartCloud Analytics - Log Analysis product bundles the Open Source Python which is vulnerable to CVE-2014-9365 Vulnerability Details CVEID: CVE-2014-9365 DESCRIPTION: Python could allow a remote attacker to bypass security restrictions, caused by the failure to validate TLS certifica...
Security Bulletin: Cross-site scripting in Oauth (CVE-2013-6738)
Summary Cross-site scripting in Oauth Vulnerability Details CVE ID: CVE-2013-6738 DESCRIPTION: OAuth /authorize endpoint will return an invalid query param in the response. This allows a script to be injected in the response. CVSS: CVSS Base Score: 4.3 CVSS Temporal Score: See for the current sco...
CVE-2013-6738
Cross-site scripting XSS vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint...
Cross site scripting
Cross-site scripting XSS vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint...
CVE-2013-6738
CVE-2013-6738 is an XSS vulnerability in IBM SmartCloud Analytics Log Analysis (OAuth endpoint) and in IBM WebSphere Application Server OAuth functionality. The initial entry states that IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 prior to 1.2.0.0-CSI-SCALA-IF0003 can be exploited to inject...
CVE-2013-6738
Cross-site scripting XSS vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint...