Security Advisory - EventLog Analyzer versions 12200 and below.

We have addressed a recently discovered authentication bypass vulnerability affecting the REST API URLs in EventLog Analyzer. This article provides more information on the issue and how to resolve it.

 

What is the issue?

An authentication bypass vulnerability affecting REST API URLs.

 

What is the severity of the vulnerability?

This is a critical issue.

 

Which versions of EventLog Analyzer are affected?

EventLog Analyzer builds up to 12200 are affected.

 

How does it impact EventLog Analyzer users?

This vulnerability allows attackers to gain unauthorized access to the product through REST API endpoints by sending a specially crafted request. This would allow the attacker to carry out subsequent attacks.

 

Is there a fix for this issue?

This vulnerability can be exploited in unpatched EventLog Analyzer installations. We recommend that you update EventLog Analyzer to the latest build (12201) using the service pack as soon as possible.

 

If you need further information, have any questions, or face any difficulties in updating EventLog Analyzer, please get in touch with us at support@eventloganalyzer.com, or 1-925-924-9500 (toll-free).
