Vulnerabilites related to IBM - SmartCloud Analytics Log Analysis
CVE-2024-40682 (GCVE-0-2024-40682)
Vulnerability from cvelistv5
Published
2025-07-23 11:14
Modified
2025-07-23 13:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1287 - Improper Validation of Specified Type of Input
Summary
IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, and 1.3.8.2 could allow a local user to cause a denial of service due to improper validation of specified type of input.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | SmartCloud Analytics Log Analysis |
Version: 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, 1.3.8.2 cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.7.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.7.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.7.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.8.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.8.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.8.2:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40682",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-23T13:15:24.186476Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T13:15:30.716Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.7.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.7.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.7.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.8.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.8.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.8.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "SmartCloud Analytics Log Analysis",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, 1.3.8.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, and 1.3.8.2 could allow a local user to cause a denial of service due to improper validation of specified type of input."
}
],
"value": "IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, and 1.3.8.2 could allow a local user to cause a denial of service due to improper validation of specified type of input."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287 Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T11:14:18.732Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7240264"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apply Log Analysis version 1.3.8.2 Interim Fix 1. Download 1.3.8.2-TIV-IOALA-IF001. \u003cbr\u003eFor Log Analysis before version 1.3.8.2, upgrade to 1.3.8-TIV-IOALA-FP2 before installing this fix.\u003cbr\u003e"
}
],
"value": "Apply Log Analysis version 1.3.8.2 Interim Fix 1. Download 1.3.8.2-TIV-IOALA-IF001. \nFor Log Analysis before version 1.3.8.2, upgrade to 1.3.8-TIV-IOALA-FP2 before installing this fix."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM SmartCloud Analytics - Log Analysis denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-40682",
"datePublished": "2025-07-23T11:14:18.732Z",
"dateReserved": "2024-07-08T19:30:52.530Z",
"dateUpdated": "2025-07-23T13:15:30.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41751 (GCVE-0-2024-41751)
Vulnerability from cvelistv5
Published
2025-07-23 11:09
Modified
2025-08-18 01:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-602 - Client-Side Enforcement of Server-Side Security
Summary
IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, and 1.3.8.2 could allow a local, authenticated attacker to bypass client-side enforcement of security to manipulate data.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | SmartCloud Analytics Log Analysis |
Version: 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, 1.3.8.2 cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.7.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.7.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.7.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.8.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.8.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.8.2:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41751",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-23T13:25:21.212776Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T13:25:23.828Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.7.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.7.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.7.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.8.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.8.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.8.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "SmartCloud Analytics Log Analysis",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, 1.3.8.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, and 1.3.8.2 could allow a local, authenticated attacker to bypass client-side enforcement of security to manipulate data."
}
],
"value": "IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, and 1.3.8.2 could allow a local, authenticated attacker to bypass client-side enforcement of security to manipulate data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "CWE-602 Client-Side Enforcement of Server-Side Security",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T01:29:44.858Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7240255"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apply Log Analysis version 1.3.8.2 Interim Fix 1. Download 1.3.8.2-TIV-IOALA-IF001. \u003cbr\u003eFor Log Analysis before version 1.3.8.2, upgrade to 1.3.8-TIV-IOALA-FP2 before installing this fix.\u003cbr\u003e"
}
],
"value": "Apply Log Analysis version 1.3.8.2 Interim Fix 1. Download 1.3.8.2-TIV-IOALA-IF001. \nFor Log Analysis before version 1.3.8.2, upgrade to 1.3.8-TIV-IOALA-FP2 before installing this fix."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM SmartCloud Analytics - Log Analysis security bypass",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-41751",
"datePublished": "2025-07-23T11:09:44.485Z",
"dateReserved": "2024-07-22T12:02:37.814Z",
"dateUpdated": "2025-08-18T01:29:44.858Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41750 (GCVE-0-2024-41750)
Vulnerability from cvelistv5
Published
2025-07-23 11:15
Modified
2025-08-18 01:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-602 - Client-Side Enforcement of Server-Side Security
Summary
IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, and 1.3.8.2 could allow a local, authenticated attacker to bypass client-side enforcement of security to manipulate data.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | SmartCloud Analytics Log Analysis |
Version: 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, 1.3.8.2 cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.7.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.7.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.7.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.8.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.8.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.8.2:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41750",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-23T13:14:36.364993Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T13:14:45.370Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.7.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.7.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.7.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.8.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.8.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.8.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "SmartCloud Analytics Log Analysis",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, 1.3.8.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, and 1.3.8.2 could allow a local, authenticated attacker to bypass client-side enforcement of security to manipulate data."
}
],
"value": "IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, and 1.3.8.2 could allow a local, authenticated attacker to bypass client-side enforcement of security to manipulate data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "CWE-602 Client-Side Enforcement of Server-Side Security",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T01:29:21.637Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7240264"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apply Log Analysis version 1.3.8.2 Interim Fix 1. Download 1.3.8.2-TIV-IOALA-IF001. \u003cbr\u003eFor Log Analysis before version 1.3.8.2, upgrade to 1.3.8-TIV-IOALA-FP2 before installing this fix.\u003cbr\u003e"
}
],
"value": "Apply Log Analysis version 1.3.8.2 Interim Fix 1. Download 1.3.8.2-TIV-IOALA-IF001. \nFor Log Analysis before version 1.3.8.2, upgrade to 1.3.8-TIV-IOALA-FP2 before installing this fix."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM SmartCloud Analytics - Log Analysis security bypass",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-41750",
"datePublished": "2025-07-23T11:15:12.334Z",
"dateReserved": "2024-07-22T12:02:37.813Z",
"dateUpdated": "2025-08-18T01:29:21.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-40686 (GCVE-0-2024-40686)
Vulnerability from cvelistv5
Published
2025-07-23 11:12
Modified
2025-08-18 01:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-644 - Improper Neutralization of HTTP Headers for Scripting Syntax
Summary
IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, and 1.3.8.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | SmartCloud Analytics Log Analysis |
Version: 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, 1.3.8.2 cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.7.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.7.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.7.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.8.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.8.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.8.2:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40686",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-23T13:07:51.496690Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T13:08:01.874Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.7.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.7.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.7.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.8.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.8.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:smartcloud_analytics_log_analysis:1.3.8.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "SmartCloud Analytics Log Analysis",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, 1.3.8.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, and 1.3.8.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking."
}
],
"value": "IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, and 1.3.8.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-644",
"description": "CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T01:28:44.168Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7240270"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apply Log Analysis version 1.3.8.2 Interim Fix 1. Download 1.3.8.2-TIV-IOALA-IF001. \u003cbr\u003eFor Log Analysis before version 1.3.8.2, upgrade to 1.3.8-TIV-IOALA-FP2 before installing this fix.\u003cbr\u003e"
}
],
"value": "Apply Log Analysis version 1.3.8.2 Interim Fix 1. Download 1.3.8.2-TIV-IOALA-IF001. \nFor Log Analysis before version 1.3.8.2, upgrade to 1.3.8-TIV-IOALA-FP2 before installing this fix."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM SmartCloud Analytics - Log Analysis HOST header injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-40686",
"datePublished": "2025-07-23T11:12:23.857Z",
"dateReserved": "2024-07-08T19:30:52.530Z",
"dateUpdated": "2025-08-18T01:28:44.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}