The internal HTTP proxy server deployed as part of the IBM Tealeaf Customer Experience Replay Server accepts requests from any network host, not only from local renderers.
**CVEID:** CVE-2016-5968
**DESCRIPTION:** IBM Tealeaf Replay Server allows remote attackers to use one of its web services as a proxy to forward HTTP requests to other internal/external Web resources.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116303 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
IBM Tealeaf Customer Experience 8.0-9.0.2
Product | VRMF | Remediation/First Fix
---|---|---
IBM Tealeaf Customer Experience | 9.0.2A |
IBM Tealeaf Customer Experience | 9.0.2 |
IBM Tealeaf Customer Experience | 9.0.1A |
IBM Tealeaf Customer Experience | 9.0.1 |
IBM Tealeaf Customer Experience | 9.0.0, 9.0.0A | You can contact the Technical Support team for guidance.
IBM Tealeaf Customer Experience | 8.8 |
IBM Tealeaf Customer Experience | 8.7 |
IBM Tealeaf Customer Experience | 8.6 and earlier | You can contact the Technical Support team for guidance.
Limit access to ports 38001 and 38002 on all systems running instances of the Replay Server to local processes.
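Added verification script for the workaround above (not IBM's code): it parses listening-socket lines in Windows `netstat -ano` layout and reports any Replay Server port (38001 or 38002) bound to a non-loopback address, which is what leaves the proxy reachable from other hosts. The sample lines are constructed; that the Replay Server host is Windows is an assumption, and because the parser takes the first host:port token on each LISTENING line as the bind address it also accepts `ss -ltn` output.

```python
import ipaddress

# Ports named in the bulletin's workaround for CVE-2016-5968.
REPLAY_SERVER_PORTS = {38001, 38002}

def split_host_port(field):
    """'host:port', '[v6]:port' or 'v6:port' -> (host, port); port is None if absent."""
    host, _, port = field.rpartition(":")
    return (host.strip("[]"), int(port) if port.isdigit() else None)

def is_loopback(host):
    """True for 127.0.0.0/8, ::1 or the literal name 'localhost'."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # hostname or other unparsable token
        return False

def exposed_listeners(netstat_lines):
    """Return (host, port) for each LISTENING socket on a Replay Server port
    bound to a non-loopback address; 0.0.0.0 and :: accept connections
    from any host and are reported as exposed."""
    exposed = []
    for line in netstat_lines:
        fields = line.split()
        if not any(f.upper() in ("LISTEN", "LISTENING") for f in fields):
            continue  # established connections and header lines are irrelevant
        for field in fields:
            host, port = split_host_port(field) if ":" in field else (None, None)
            if port is None:
                continue
            # The first parsable address on the line is the local (bind) address.
            if port in REPLAY_SERVER_PORTS and not is_loopback(host):
                exposed.append((host, port))
            break
    return exposed

# Constructed sample in Windows `netstat -ano` layout, not captured from a real host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:38001          0.0.0.0:0              LISTENING       4120
  TCP    127.0.0.1:38002        0.0.0.0:0              LISTENING       4120
  TCP    [::]:38002             [::]:0                 LISTENING       4120
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       2260
  TCP    10.0.0.5:38001         10.0.0.9:51234         ESTABLISHED     4120
""".splitlines()

if __name__ == "__main__":
    print(exposed_listeners(SAMPLE_NETSTAT))  # [('0.0.0.0', 38001), ('::', 38002)]
```

Run it against the live `netstat -ano` output of each Replay Server host; an empty list means both ports are bound only to loopback, while a host-level firewall rule is still needed if the service cannot be rebound.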
CPE | Name | Operator | Version
---|---|---|---
 | tealeaf customer experience | eq | any