A remote attacker is able to obtain sensitive information because the HttpOnly and Secure attributes are not set on the cookie. This allows an attacker to intercept the transmission and obtain information from the cookie in clear text.
CVEID: CVE-2019-4214
DESCRIPTION:
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/159185 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
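The missing attributes described above can be checked for in any HTTP response. The following is an added example, not part of the original bulletin or IBM's code: it audits `Set-Cookie` header values for absent `Secure` and `HttpOnly` attributes. The cookie names, values and sample headers are constructed for illustration.

```python
# Added example: audit Set-Cookie response headers for missing Secure / HttpOnly.
# The header values below are constructed samples, not captured from Log Analysis.

def parse_set_cookie(header_value):
    """Split one Set-Cookie header value into (cookie name, attribute dict)."""
    parts = [p.strip() for p in header_value.split(";")]
    # Only the first '=' separates name from value; the value may contain '='.
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, value = part.partition("=")
        # Attribute names are matched case-insensitively (RFC 6265, section 5.2).
        attrs[key.strip().lower()] = value.strip()
    return name, attrs

def audit_cookie(header_value):
    """Return the list of findings for one Set-Cookie header value."""
    name, attrs = parse_set_cookie(header_value)
    findings = []
    if "secure" not in attrs:
        findings.append(f"{name}: missing Secure (cookie may be sent over plain HTTP)")
    if "httponly" not in attrs:
        findings.append(f"{name}: missing HttpOnly (cookie readable by page scripts)")
    return findings

def audit_response(headers):
    """headers: list of (name, value) pairs, because Set-Cookie may repeat."""
    findings = []
    for key, value in headers:
        if key.lower() == "set-cookie":
            findings.extend(audit_cookie(value))
    return findings

# Constructed sample response headers (hypothetical cookie names and values).
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "SESSIONID=abc123; Path=/"),
    ("Set-Cookie", "PREFS=dark; Path=/; secure"),
    ("Set-Cookie", "TOKEN=xyz789; Path=/; Secure; HttpOnly; SameSite=Strict"),
]

if __name__ == "__main__":
    for finding in audit_response(SAMPLE_HEADERS):
        print(finding)
```

Only attributes after the first `;` are inspected, so a cookie whose value happens to contain the word `HttpOnly` or `Secure` is still reported.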
Affected Product(s) | Version(s) |
---|---|
Log Analysis | 1.3.1 |
Log Analysis | 1.3.2 |
Log Analysis | 1.3.3 |
Log Analysis | 1.3.4 |
Log Analysis | 1.3.5 |
Principal Product and Version(s) | Fix details |
---|---|
IBM Operations Analytics - Log Analysis version 1.3.1, 1.3.2, 1.3.3, 1.3.3.1 and 1.3.5 | Upgrade existing version to Log Analysis 1.3.6 |
You can download the respective platform from Passport Advantage using the following part numbers:
Part No | Part Name |
---|---|
CC3VNEN | IBM Operations Analytics Log Analysis Managed - Device based v1.3.6 Linux 64 bit ALL editions English |
CC3VPEN | IBM Operations Analytics Log Analysis Managed - Device based v1.3.6 zLinux 64 bit ALL editions English |
CC3VQEN | IBM Operations Analytics Log Analysis Managed - Device based v1.3.6 Power8 ppc64le ALL editions English |
None