Authentication Bypass in IBM Cognos Express Vulnerability
CVE-2010-0557

Currently unrated

Key Information:

Vendor: IBM
Status: Cognos Express
Vendor: CVE Published:; 5 February 2010

Summary

IBM Cognos Express 9.0 has a security flaw that permits unauthorized users to access the Tomcat Manager component due to hardcoded credentials. This vulnerability may lead to denial of service attacks, as attackers can exploit it to gain control over server functions, potentially disrupting operations and affecting the availability of the service.

References

http://www.osvdb.org/62118

vdb-entryx_refsource_OSVDB

http://www-01.ibm.com/support/docview.wss?uid=swg21419179

x_refsource_CONFIRM

http://www.vupen.com/english/advisories/2010/0297

vdb-entryx_refsource_VUPEN

EPSS Score

82% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Feb 5, 2010