Denial of Service Vulnerability in IBM Cognos TM1 by IBM
CVE-2016-0381

4.3MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
15 May 2016

Summary

The vulnerability arises in IBM Cognos TM1 version 10.2.2 before FP5, where an empty setting in AdminGroups allows remote authenticated users to trigger a denial of service. By submitting a non-empty value in this context, the system may experience a configuration outage, impacting availability and system performance. Organizations using this version should be aware of the potential for service disruption and take necessary precautions.

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.