Information Disclosure in IBM Cognos Business Intelligence Products
CVE-2017-1764
7 HIGH
Summary
Certain versions of IBM Cognos Business Intelligence may inadvertently reveal plain text credentials to local users under specific conditions, potentially compromising sensitive data and user security. This issue underscores the necessity for robust security protocols and timely updates to safeguard against unauthorized access. Organizations should review their Cognos deployment and ensure necessary patches are applied to mitigate this risk.
Affected Version(s)
Cognos Business Intelligence 10.2
Cognos Business Intelligence 10.2.1
Cognos Business Intelligence 10.2.1.1
References
CVSS V3.1
Score: 7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved