Multiple vulnerabilities have been identified in IBM® InfoSphere® Optim™ Workload Replay, allowing an attacker to obtain information or gain access to data and operations that are restricted to authorized users.
CVEID: CVE-2015-1894
DESCRIPTION: IBM Optim Workload Replay is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious web site, a remote attacker could send a malformed HTTP request. An attacker could exploit this vulnerability to perform cross-site scripting attacks, web cache poisoning, and other malicious activities.
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/101530> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)
CVEID: CVE-2015-1895
DESCRIPTION: IBM Optim Workload Replay could allow a remote attacker to bypass security restrictions, caused by missing validation of user authorization. By bypassing client-side authorization checks, an attacker could gain unauthorized access to various user actions.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/101543> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Affected products and versions: IBM InfoSphere Optim Workload Replay versions 2.1, 2.1.0.1, and 2.1.0.2.
Remediation: Install InfoSphere Workload Replay v2.1.0.3.
Workarounds and mitigations: None known