IBM Support

Security Bulletin: Netcool Operations Insight - Missing or insecure headers

Security Bulletin


Summary

AppScan detected multiple low severity http header issues.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s)Version(s)
Netcool Operations Insight1.4.x
Netcool Operations Insight1.5.x
Netcool Operations Insight1.6.x

Remediation/Fixes

Move to IBM Netcool Operations Insight V1.6.3 on Red Hat OpenShift

https://www.ibm.com/support/knowledgecenter/en/SSTPTP_1.6.3/com.ibm.netcool_ops.doc/soc/integration/task/soc_int_upgrade_cloud.html

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Off

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Missing or insecure "X-XSS-Protection" header
Reported Severity (from Report): Low
Reasoning:
AppScan detected that the X-XSS-Protection response header is missing or with an insecure value, which may allow Cross-Site Scripting attacks

Unnecessary Http Response Headers found in the Application
Reported Severity (from Report): Low
Reasoning:
The response contains unnecessary headers, which may help attackers in planning further attacks.

Missing or insecure "X-Content-Type-Options" header
Reported Severity (from Report): Low
Reasoning:
AppScan detected that the "X-Content-Type-Options" response header is missing or has an insecure value, which increases exposure to drive-by download attacks

Missing or insecure "Content-Security-Policy" header
Reported Severity (from Report): Low
Reasoning:
AppScan detected that the Content-Security-Policy response header is missing or with an insecure policy, which increases exposure to various cross-site injection attacks

Change History

12 Feb 2021: Initial Publication

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Document Location

Worldwide


[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSTPTP","label":"Netcool Operations Insight"},"Component":"","Platform":[{"code":"PF040","label":"RedHat OpenShift"}],"Version":"1.4.x, 1.5.x, 1.6.x","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

More support for:
Netcool Operations Insight

Software version:
1.4.x, 1.5.x, 1.6.x

Operating system(s):
RedHat OpenShift

Document number:
6415643

Modified date:
15 February 2021

UID

ibm16415643

Manage My Notification Subscriptions

Page Feedback