Local File Exposure in IBM Cognos Analytics
CVE-2017-1125
3.3LOW
Summary
The vulnerability in IBM Cognos Analytics versions 10.1 and 10.2 allows a local user to create a specially crafted URL. This URL can confirm the presence of specific files on the system and potentially expose sensitive content contained within those files. This poses a risk to data confidentiality and integrity, making it crucial for users to mitigate the exposure.
Affected Version(s)
Cognos Business Intelligence 10.1.1
Cognos Business Intelligence 10.2
Cognos Business Intelligence 10.2.1
References
CVSS V3.1
Score:
3.3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved