10 matches found
CVE-2019-4215
CVE-2019-4215 affects IBM Operations Analytics - Log Analysis versions 1.3.1 through 1.3.5 and is a clickjacking vulnerability. The IBM Security Bulletin details a vulnerability in Log Analysis that could allow a remote attacker to hijack the victim’s click actions by persuading them to visit a m...
CVE-2019-4216
CVE-2019-4216 affects IBM Operations Analytics - Log Analysis (formerly SmartCloud/Log Analysis) versions 1.3.1–1.3.5. The vulnerability is a host header injection in HTTP requests, which could lead to HTTP cache poisoning or firewall bypass. The IBM security bulletin confirms the affected versio...
CVE-2013-6738
CVE-2013-6738 is an XSS vulnerability in IBM SmartCloud Analytics Log Analysis (OAuth endpoint) and in IBM WebSphere Application Server OAuth functionality. The initial entry states that IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 prior to 1.2.0.0-CSI-SCALA-IF0003 can be exploited to inject...
CVE-2019-4243
CVE-2019-4243 affects IBM Operations Analytics - Log Analysis (Solr component) for versions 1.3.1–1.3.5. The vulnerability allows unauthorized disclosure by enabling access to files such as solrconfig.xml and could enable disruptive administrator actions due to unrestricted access. IBM's remediat...
CVE-2019-4214
CVE-2019-4214 affects IBM SmartCloud Analytics / IBM Operations Analytics - Log Analysis versions 1.3.1–1.3.5. The issue is that authorization tokens and session cookies lack the Secure attribute, potentially allowing sensitive information to be exposed via MITM attacks. The NVD/NVD-derived data ...
CVE-2019-4244
CVE-2019-4244 affects IBM Operations Analytics - Log Analysis (Log Analysis) components running on IBM SmartCloud Analytics. The vulnerability stems from missing authentication in the Apache Zookeeper integration, allowing a remote attacker to gain unauthorized information and unrestricted contro...
CVE-2024-41751
IBM SmartCloud Analytics - Log Analysis (versions 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, 1.3.8.2) is affected by CVE-2024-41751, a CWE-602 client-side enforcement bypass that enables a local, authenticated attacker to manipulate data by bypassing security controls on the client. The Red Hat...
CVE-2024-40686
The CVE-2024-40686 issue affects IBM SmartCloud Analytics - Log Analysis versions 1.3.7.0 through 1.3.8.2. Root cause: improper validation of input in the HOST header, enabling HTTP header injection. Consequences stated in the sources include potential cross-site scripting, cache poisoning, or se...
CVE-2024-40682
CVE-2024-40682 affects IBM Operations Analytics - Log Analysis. Affected versions are 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, and 1.3.8.2. The vulnerability arises from improper validation of a specified input type, allowing a local user to cause a denial of service. IBM’s remediation advise...
CVE-2024-41750
CVE-2024-41750 affects IBM Operations Analytics - Log Analysis (versions 1.3.7.0 to 1.3.8.2). Root cause: client-side security enforcement can be bypassed, enabling a local, authenticated attacker to manipulate data by bypassing input/validation checks. The IBM Security Bulletin confirms a relate...