Skip to main content

Cognos Business Intelligence CVE-2016-9985

MEDIUM
Insertion of Sensitive Information into Log File (CWE-532)
2017-03-08 psirt@us.ibm.com
5.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Mar 08, 2017 - 19:59 cve.org
MEDIUM 5.5

DescriptionCVE.org

IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be read by a local user. IBM Reference #: 1999671.

AnalysisAI

IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-532. IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be read by a local user. IBM Reference #: 1999671. Affected products include: Ibm Cognos Business Intelligence.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2013-4034 MEDIUM POC
4.0 Nov 18

IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 befor

CVE-2012-4858 CRITICAL
9.3 Mar 05

IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 does not

CVE-2016-8960 HIGH
8.8 Mar 27

IBM Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to adopt the Capabilities of

CVE-2016-3036 HIGH
7.5 Apr 17

IBM Cognos TM1 10.1 and 10.2 is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing

CVE-2016-0254 MEDIUM
6.5 Jun 07

IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a denial of service, caused by an XML External Entity In

CVE-2016-3037 MEDIUM
5.7 Apr 17

IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's password with a valid session key. Rated medium s

CVE-2016-3038 MEDIUM
5.4 Apr 17

IBM Cognos TM1 10.1 and 10.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability

CVE-2016-0346 MEDIUM
5.4 Jul 03

Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence 10.2 before IF20, 10.2.1 before IF17, 10.2.

CVE-2016-0221 MEDIUM
5.4 Jul 03

Cross-site scripting (XSS) vulnerability in IBM Cognos TM1, as used in IBM Cognos Business Intelligence 10.2 before IF20

CVE-2016-0218 MEDIUM
5.4 Feb 01

IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to cross-site scripting, caused by improper val

CVE-2013-3030 MEDIUM
5.0 Nov 18

The servlet gateway in IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 b

CVE-2012-4840 MEDIUM
5.0 Mar 05

IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows r

Share

CVE-2016-9985 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy