Command Execution Vulnerability in IBM Cognos Disclosure Management
CVE-2016-6077

5.3MEDIUM

Key Information:

Vendor
IBM
Status
Cognos Disclosure Management
Vendor
CVE Published:
15 February 2017

Summary

IBM Cognos Disclosure Management 10.2 has a security vulnerability that enables an attacker to execute unauthorized commands by opening a malicious document. This can occur when a lower-privileged user unwittingly interacts with compromised files, leading to potential data breaches and system exploitation. For more details and mitigation strategies, refer to IBM's official documentation.

Affected Version(s)

Cognos Disclosure Management 10.2.0

Cognos Disclosure Management 10.1.1

Cognos Disclosure Management 10.2

References

http://www.securityfocus.com/bid/93829
vdb-entryx_refsource_BID
http://www-01.ibm.com/support/docview.wss?uid=swg21991584
x_refsource_CONFIRM

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.