Stack-based Buffer Overflow in IBM Cognos TM1 Admin Server
CVE-2012-0202

Currently unrated

Key Information:

Vendor: IBM
Status: Cognos Tm1
Vendor: CVE Published:; 4 May 2012

Summary

The Admin Server component in IBM Cognos TM1 contains multiple stack-based buffer overflow vulnerabilities due to improper handling of crafted data in the tm1admsd.exe executable. These flaws may allow remote attackers to crash the daemon, resulting in a denial of service, or potentially execute arbitrary code. Users of IBM Cognos TM1 versions 9.4.x and 9.5.x before 9.5.2 FP2 are particularly at risk and should take immediate action to safeguard their systems.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/73182

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21590314

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg24032164

x_refsource_CONFIRM

EPSS Score

74% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 4, 2012
Vulnerability Reserved
Dec 14, 2011