Denial of Service Vulnerability in IBM Cognos TM1 10.1 and 10.2
CVE-2016-3036

7.5HIGH

Key Information:

Vendor: IBM Corporation
Status: Cognos TM1
Vendor: CVE Published:; 17 April 2017

Summary

IBM Cognos TM1 versions 10.1 and 10.2 are susceptible to a denial of service due to a stack-based buffer overflow that occurs during packet parsing. This vulnerability allows remote attackers to exploit the system, potentially leading to service interruptions. Users of the affected versions should take measures to mitigate the risks associated with this security issue.

Affected Version(s)

Cognos TM1 10.1

Cognos TM1 10.1.1

Cognos TM1 10.2.0.2

References

http://www.ibm.com/support/docview.wss?uid=swg21999649

x_refsource_CONFIRM

http://www.securityfocus.com/bid/97918

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 17, 2017
Vulnerability Reserved
Mar 9, 2016