Information Disclosure Vulnerability in IBM Cognos TM1 by IBM
CVE-2016-3037

5.7MEDIUM

Key Information:

Vendor: IBM Corporation
Status: Cognos TM1
Vendor: CVE Published:; 17 April 2017

🔔 Create IBM Corporation Vulnerability Alert

What is CVE-2016-3037?

IBM Cognos TM1 versions 10.1 and 10.2 are susceptible to an information disclosure vulnerability where an authenticated attacker can exploit a valid session key to retrieve sensitive user passwords. This flaw requires user interaction to facilitate the attack, allowing attackers to gain unauthorized access to user's account information, significantly undermining the security framework of the application. This vulnerability can lead to severe consequences if exploited, including unauthorized account access and data breaches.

Affected Version(s)

Cognos TM1 10.1

Cognos TM1 10.1.1

Cognos TM1 10.2.0.2

References

http://www.ibm.com/support/docview.wss?uid=swg21999649

x_refsource_CONFIRM

http://www.securityfocus.com/bid/97917

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2017
Vulnerability Reserved
Mar 9, 2016