Java Deserialization Flaw in IBM Cognos Business Intelligence Products
CVE-2012-4858

Currently unrated

Key Information:

Vendor: IBM
Status: Cognos Business Intelligence
Vendor: CVE Published:; 5 March 2013

Summary

IBM Cognos Business Intelligence products prior to specified versions are susceptible to a vulnerability that arises from improper validation of Java serialized input. This flaw permits remote attackers to execute arbitrary commands on affected systems, potentially leading to unauthorized access and manipulation of sensitive data.

References

http://www-01.ibm.com/support/docview.wss?uid=swg24034373

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/79801

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21626697

x_refsource_CONFIRM

Timeline

Vulnerability published
Mar 5, 2013
Vulnerability Reserved
Sep 6, 2012