CVE-2024-40685 PUBLISHED

IBM Operations Analytics - Log Analysis is affected by CSRF Token Replay Attack

Assigner: ibm
Reserved: 08.07.2024 Published: 04.02.2026 Updated: 05.02.2026

IBM Operations Analytics – Log Analysis versions 1.3.5.0 through 1.3.8.3 and IBM SmartCloud Analytics – Log Analysis are vulnerable to a cross-site request forgery (CSRF) vulnerability that could allow an attacker to trick a trusted user into performing unauthorized actions.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVSS Score: 4.3

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	None	Integrity Impact	Low
User Interaction	Required	Availability Impact	None

CVSS 3.1

Product Status

Vendor	IBM
Product	Operations Analytics - Log Analysis
Versions	affected from 1.3.5.0 to 1.3.8.3 (incl.)

Solutions

Principal Product and Version(s)Fix detailsIBM Operations Analytics - Log Analysis version 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.6.0, 1.3.6.1, 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3IBM strongly recommends addressing the vulnerability now by applying 1.3.8.3 Interim Fix 1 (1.3.8.3-TIV-IOALA-IF1) or later available from IBM Fix Central https://www.ibm.com/support/fixcentral/swg/selectFixes . Refer to README for upgrade instructions.

References

https://www.ibm.com/support/pages/node/7256429

Problem Types

CWE-352 Cross-Site Request Forgery (CSRF) CWE