PT-2014-6130 · Ibm · Ibm Cognos Mobile
Published
2014-11-05
·
Updated
2017-08-29
·
CVE-2014-4810
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Cognos Mobile versions 10.1.1 before FP3 IF1
IBM Cognos Mobile versions 10.2.0 before FP2 IF1
IBM Cognos Mobile versions 10.2.1 before FP4 IF1
Description
The issue allows remote attackers to bypass intended Business Intelligence restrictions by leveraging access to authentication data that was captured before a logoff. This occurs because a session between the Cognos Mobile server and the Cognos Business Intelligence server is preserved after a logoff action on a mobile device.
Recommendations
For IBM Cognos Mobile version 10.1.1, update to FP3 IF1 or later to resolve the issue.
For IBM Cognos Mobile version 10.2.0, update to FP2 IF1 or later to resolve the issue.
For IBM Cognos Mobile version 10.2.1, update to FP4 IF1 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Cognos Mobile