Information Disclosure in IBM Cognos TM1 by IBM
CVE-2014-0863

Currently unrated

Key Information:

Vendor: IBM
Status: Cognos Tm1
Vendor: CVE Published:; 5 September 2014

Summary

The client component in IBM Cognos TM1 improperly handles password storage by obfuscating passwords in memory. This flaw enables remote authenticated users to extract sensitive, cleartext information using certain security tools, posing significant risks to data confidentiality and system integrity.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21682397

x_refsource_CONFIRM

http://www.securityfocus.com/bid/69594

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/90937

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Sep 5, 2014
Vulnerability Reserved
Jan 6, 2014