Information Disclosure in IBM Cognos Business Intelligence Products
CVE-2017-1764

7HIGH

Key Information:

Vendor: IBM
Status: Cognos Business Intelligence
Vendor: CVE Published:; 23 April 2018

Summary

Certain versions of IBM Cognos Business Intelligence may inadvertently reveal plain text credentials to local users under specific conditions, potentially compromising sensitive data and user security. This issue underscores the necessity for robust security protocols and timely updates to safeguard against unauthorized access. Organizations should review their Cognos deployment and ensure necessary patches are applied to mitigate this risk.

Affected Version(s)

Cognos Business Intelligence 10.2

Cognos Business Intelligence 10.2.1

Cognos Business Intelligence 10.2.1.1

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/136149

vdb-entryx_refsource_XF

http://www.ibm.com/support/docview.wss?uid=swg22014202

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 23, 2018
Vulnerability Reserved
Nov 30, 2016