Medium Severity

Security Bulletin: Host Header Injection vulnerability in IBM Operations Analytics – Log Analysis (pre-login scenario)


The HTTP Host header value is used to generate links, import scripts and generate password resets. The value can be controlled by an attacker and exploited through web-cache poisoning and alternative channels. In Log Analysis, Host header injection can be exploited to run scripts in the context of the application through remote file inclusion in a particular pre-login scenario.
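As an added illustration (not IBM code and not taken from the bulletin), the Python sketch below contrasts building a script URL from the raw Host header with building it only from an operator-configured allow-list. The host names, the path and the function names are assumptions made for the example.

```python
# Added illustration; not IBM Log Analysis code. Host names and paths are constructed.
import re

# Assumption: the operator configures the names the application is served under.
ALLOWED_HOSTS = {"logs.example.com", "logs.example.com:9987"}

# Host syntax accepted before the allow-list lookup: name with optional port.
_HOST_RE = re.compile(r"[a-z0-9.-]+(:\d{1,5})?")


def _host_header(headers):
    """Fetch the Host header regardless of the case of the header name."""
    lowered = {k.lower(): v for k, v in headers.items()}
    return lowered.get("host", "")


def script_url_vulnerable(headers):
    """Weak pattern: the client-supplied Host value goes straight into the URL."""
    return "https://%s/static/login.js" % _host_header(headers)


def trusted_host(headers):
    """Return the canonical host if the request names an allowed one, else None."""
    host = _host_header(headers).strip().lower()
    if not _HOST_RE.fullmatch(host):
        return None  # empty, or contains '@', '/', whitespace, etc.
    name, _, port = host.partition(":")
    canonical = name.rstrip(".") + (":" + port if port else "")
    return canonical if canonical in ALLOWED_HOSTS else None


def script_url_hardened(headers):
    """Build the URL only from an allow-listed host; None means reject (HTTP 400)."""
    host = trusted_host(headers)
    if host is None:
        return None
    return "https://%s/static/login.js" % host


if __name__ == "__main__":
    # Constructed pre-login requests: one legitimate, one with a foreign Host.
    for req in ({"Host": "logs.example.com"}, {"Host": "attacker.example"}):
        print(req, script_url_vulnerable(req), script_url_hardened(req))
```

Rejecting the request outright, rather than falling back to a default host, also keeps a shared cache from storing a response keyed to the unexpected Host value.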

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
Log Analysis 1.3.1
Log Analysis 1.3.2
Log Analysis 1.3.3
Log Analysis 1.3.4
Log Analysis 1.3.5
Log Analysis 1.3.6

 

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6242210
