IBM Operations Analytics Log Analysis Authentication Weakness Advisory

IBM Operations Analytics - Log Analysis Vulnerability Summary Vulnerability Overview IBM Operations Analytics - Log Analysis contains a weakness in its backend authentication and session management modules, which are part of the login mechanism. This exposes the product to improper authentication risks, including insufficient weak password policy enforcement and inadequate account lockout controls. Affected Products Software Versions: 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3, 1.3.6.0, 1.3.6.1, 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3, 1.3.8.4 Operating System: Linux Remediation No Direct Fix: The advisory does not provide a direct fix. Temporary Mitigation: Implement an LDAP user registry to replace the database-managed custom user registry. References Complete CVSS v3 Guide On-line Calculator v3 Related Resources IBM Secure Engineering Web Portal IBM Product Security Incident Response Blog Disclaimer The Common Vulnerability Scoring System (CVSS) is an industry standard defined by the Forum of Incident Response and Security Teams (FIRST) to convey vulnerability severity and help determine response urgency and priority. IBM provides CVSS scores "as is" without any expressed or implied warranties. Customers are responsible for evaluating the impact of the vulnerability on their specific use. IBM regularly updates component records within its product portfolio and addresses relevant vulnerabilities when identified, regardless of the CVE date. The referenced "Affected Products and Versions" refer only to versions of IBM products that are supported and have not reached end of support. Therefore, advisory references to products or versions that are unsupported or have extended support do not constitute a determination by IBM that such products are not affected by the vulnerability. Reference to one or more unsupported versions does not obligate IBM to fix any unsupported or extended support products or versions.

Goal Reached Thanks to every supporter — we hit 100%!

IBM Operations Analytics Log Analysis Authentication Weakness Advisory

More from this source