Medium Severity

Security Bulletin: Aspera on Cloud CVE-2020-8184

Share this post:

A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix. Prior to discovery of this vulnerability, Aspera on Cloud used rack gem V2.2.2. Once the vulnerability was identified the version of rack gem used was upgraded to V2.2.3, which does not contain this vulnerability. Affected product(s) and affected version(s):

Affected Product(s) Version(s)
Aspera on Cloud All

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6338791

More stories

Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring returns potentially sensitive information in headers which could lead to further attacks against the system.

Mar 8, 2021 7:00 pm EST | Medium Severity

IBM Cloud Pak for Multicloud Management Monitoring returns potentially sensitive information in headers which could lead to further attacks against the system. ...read more


Security Bulletin: Google Protocol Buffers as used by IBM QRadar SIEM is vulnerable to arbitrary code execution (CVE-2015-5237)

Mar 8, 2021 7:00 pm EST | Medium Severity

Google Protocol Buffers as used by IBM QRadar SIEM is vulnerable to arbitrary code execution ...read more


Security Bulletin: Information leakage vulnerability affect IBM Business Automation Workflow – CVE-2021-20358

Mar 8, 2021 7:00 pm EST | Medium Severity

IBM Business Automation Workflow may leak sensitive information in trace when emitting events for Business Automation Insights. ...read more