CVE-2024-40685
Description
IBM Operations Analytics – Log Analysis versions 1.3.5.0 through 1.3.8.3 and IBM SmartCloud Analytics – Log Analysis are vulnerable to a cross-site request forgery (CSRF) vulnerability that could allow an attacker to trick a trusted user into performing unauthorized actions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM Operations Analytics – Log Analysis versions 1.3.5.0 through 1.3.8.3 are vulnerable to CSRF, allowing an attacker to trick an authenticated user into performing unintended actions.
Vulnerability
Overview
CVE-2024-40685 is a cross-site request forgery (CSRF) vulnerability affecting IBM Operations Analytics – Log Analysis versions 1.3.5.0 through 1.3.8.3, as well as IBM SmartCloud Analytics – Log Analysis. The root cause is the absence of proper CSRF token validation, which allows an attacker to craft malicious requests that are executed in the context of an authenticated user's session [1].
Exploitation
An attacker can exploit this vulnerability by tricking a logged-in user into clicking a crafted link or visiting a malicious page. No authentication is required on the attacker's part, but the victim must be authenticated to the affected application. The attack vector is network-based and requires user interaction [1].
Impact
Successful exploitation enables an attacker to perform unauthorized actions on behalf of the victim, such as modifying configuration settings or triggering log analysis operations. The CVSS v3 base score is 4.3 (Medium), with the vector indicating low impact to integrity and no impact to confidentiality or availability [1].
Mitigation
IBM has released a fix in version 1.3.8.3 Interim Fix 1 (1.3.8.3-TIV-IOALA-IF1) and recommends applying it from IBM Fix Central. No workarounds are available [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Range: 1.3.5.0 through 1.3.8.3
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.