Information Disclosure Vulnerability in IBM Cognos TM1 by IBM
CVE-2016-3037

5.7 MEDIUM

Key Information:

Vendor
CVE Published: 17 April 2017

Summary

IBM Cognos TM1 versions 10.1 and 10.2 are susceptible to an information disclosure vulnerability in which an authenticated attacker can use a valid session key to retrieve sensitive user passwords. The attack requires user interaction and allows attackers to gain unauthorized access to users' account information, significantly undermining the security framework of the application. If exploited, this vulnerability can lead to severe consequences, including unauthorized account access and data breaches.

Affected Version(s)

Cognos TM1 10.1

Cognos TM1 10.1.1

Cognos TM1 10.2.0.2

CVSS V3.1

Score: 5.7
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
