IBM Operations Analytics - Log Analysis is vulnerable to HTTP header injection, as attacker can abuse the HTTP Host header.
CVEID:CVE-2019-4216
DESCRIPTION:
CVSS Base score: 4.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/159187 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
Log Analysis | 1.3.1 |
Log Analysis | 1.3.2 |
Log Analysis | 1.3.3 |
Log Analysis | 1.3.4 |
Log Analysis | 1.3.5 |
Principal Product and Version(s) | Fix details |
---|---|
IBM Operations Analytics - Log Analysis version 1.3.1, 1.3.2, 1.3.3, 1.3.3.1 and 1.3.5 | Upgrade from current Log Analysis version to Log Analysis 1.3.6 |
You can download the respective platform from Passport Advantage using part number
Part No Part Name
CC3VNEN : IBM Operations Analytics Log Analysis Managed - Device based v1.3.6 Linux 64 bit ALL editions English
CC3VPEN : IBM Operations Analytics Log Analysis Managed - Device based v1.3.6 zLinux 64 bit ALL editions English
CC3VQEN : IBM Operations Analytics Log Analysis Managed - Device based v1.3.6 Power8 ppc64le ALL editions English
None