Local File Exposure in IBM Cognos Analytics
CVE-2017-1125

3.3LOW

Key Information:

Vendor
IBM
Status
Cognos Business Intelligence
Vendor
CVE Published:
7 June 2017

Summary

The vulnerability in IBM Cognos Analytics versions 10.1 and 10.2 allows a local user to create a specially crafted URL. This URL can confirm the presence of specific files on the system and potentially expose sensitive content contained within those files. This poses a risk to data confidentiality and integrity, making it crucial for users to mitigate the exposure.

Affected Version(s)

Cognos Business Intelligence 10.1.1

Cognos Business Intelligence 10.2

Cognos Business Intelligence 10.2.1

References

http://www.ibm.com/support/docview.wss?uid=swg22004036
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/121340
x_refsource_MISC
http://www.securityfocus.com/bid/98945
vdb-entryx_refsource_BID

CVSS V3.1

Score:
3.3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.