Information Disclosure in IBM Cognos Business Intelligence Products
CVE-2017-1764

7 HIGH

Key Information:

Vendor: IBM
CVE Published: 23 April 2018

Summary

Certain versions of IBM Cognos Business Intelligence may inadvertently reveal plain text credentials to local users under specific conditions, potentially compromising sensitive data and user security. This issue underscores the necessity for robust security protocols and timely updates to safeguard against unauthorized access. Organizations should review their Cognos deployment and ensure necessary patches are applied to mitigate this risk.

Affected Version(s)

Cognos Business Intelligence 10.2

Cognos Business Intelligence 10.2.1

Cognos Business Intelligence 10.2.1.1

CVSS V3.1

Score: 7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
