CSRF Vulnerability in IBM Cognos Express Products
CVE-2013-5443

Currently unrated

Key Information:

Vendor: IBM
Status: Cognos Express
Vendor: CVE Published:; 25 March 2014

Summary

This vulnerability in IBM Cognos Express allows remote attackers to exploit cross-site request forgery (CSRF) by hijacking the authentication of legitimate users. Affected versions include Cognos Express 9.0 prior to IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1. Attackers can perform unauthorized actions on behalf of authenticated users, potentially leading to unauthorized access to sensitive data.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/87819

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21667626

x_refsource_CONFIRM

Timeline

Vulnerability published
Mar 25, 2014
Vulnerability Reserved
Aug 22, 2013