Local File Exposure in IBM Cognos Analytics
CVE-2017-1125

3.3LOW

Key Information:

Vendor: IBM
Status: Cognos Business Intelligence
Vendor: CVE Published:; 7 June 2017

🔔 Create IBM Vulnerability Alert

What is CVE-2017-1125?

The vulnerability in IBM Cognos Analytics versions 10.1 and 10.2 allows a local user to create a specially crafted URL. This URL can confirm the presence of specific files on the system and potentially expose sensitive content contained within those files. This poses a risk to data confidentiality and integrity, making it crucial for users to mitigate the exposure.

Affected Version(s)

Cognos Business Intelligence 10.1.1

Cognos Business Intelligence 10.2

Cognos Business Intelligence 10.2.1

References

http://www.ibm.com/support/docview.wss?uid=swg22004036

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/121340

x_refsource_MISC

http://www.securityfocus.com/bid/98945

vdb-entryx_refsource_BID

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 7, 2017
Vulnerability Reserved
Nov 30, 2016

.