Information Disclosure Vulnerability in IBM Cognos TM1 by IBM
CVE-2016-3037

5.7MEDIUM

Key Information:

Vendor: IBM Corporation
Status: Cognos TM1
Vendor: CVE Published:; 17 April 2017

Summary

IBM Cognos TM1 versions 10.1 and 10.2 are susceptible to an information disclosure vulnerability where an authenticated attacker can exploit a valid session key to retrieve sensitive user passwords. This flaw requires user interaction to facilitate the attack, allowing attackers to gain unauthorized access to user's account information, significantly undermining the security framework of the application. This vulnerability can lead to severe consequences if exploited, including unauthorized account access and data breaches.

Affected Version(s)

Cognos TM1 10.1

Cognos TM1 10.1.1

Cognos TM1 10.2.0.2

References

http://www.ibm.com/support/docview.wss?uid=swg21999649

x_refsource_CONFIRM

http://www.securityfocus.com/bid/97917

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 17, 2017
Vulnerability Reserved
Mar 9, 2016