PT-2014-6130 · Ibm · Ibm Cognos Mobile
Publicado
2014-11-05
·
Atualizado
2017-08-29
·
CVE-2014-4810
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Cognos Mobile versions 10.1.1 before FP3 IF1
IBM Cognos Mobile versions 10.2.0 before FP2 IF1
IBM Cognos Mobile versions 10.2.1 before FP4 IF1
Description
The issue allows remote attackers to bypass intended Business Intelligence restrictions by leveraging access to authentication data that was captured before a logoff. This occurs because a session between the Cognos Mobile server and the Cognos Business Intelligence server is preserved after a logoff action on a mobile device.
Recommendations
For IBM Cognos Mobile version 10.1.1, update to FP3 IF1 or later to resolve the issue.
For IBM Cognos Mobile version 10.2.0, update to FP2 IF1 or later to resolve the issue.
For IBM Cognos Mobile version 10.2.1, update to FP4 IF1 or later to resolve the issue.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ibm Cognos Mobile