Information Disclosure Vulnerability in IBM Cognos Express
CVE-2013-5445

Currently unrated

Key Information:

Vendor: IBM
Status: Cognos Express
Vendor: CVE Published:; 25 March 2014

Summary

IBM Cognos Express versions 9.0, 9.5, 10.1, and 10.2.1 have a vulnerability that allows local users to gain access to sensitive information. This risks the exposure of sensitive cleartext data due to the presence of a static decryption key in earlier releases. Users with knowledge of this key can exploit the vulnerability, potentially compromising confidential information and leading to security breaches.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/87821

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21667626

x_refsource_CONFIRM

Timeline

Vulnerability published
Mar 25, 2014
Vulnerability Reserved
Aug 22, 2013