PT-2019-16948 · IBM · IBM Cognos Controller
Published: 2019-06-17 · Updated: 2023-02-03 · CVE-2019-4173
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
IBM Cognos Controller versions 10.2.0 through 10.4.0
Description
A flaw in the HTTP OPTIONS method, also known as Optionsbleed, could allow a remote attacker to obtain sensitive information. By sending an OPTIONS HTTP request to the / API endpoint, a remote attacker could exploit this issue to read secret data from process memory and obtain sensitive information.
Recommendations
For IBM Cognos Controller versions 10.2.0 through 10.4.0, consider restricting access to the HTTP OPTIONS method as a temporary workaround until a patch is available.
Fix
Information Disclosure
Affected Products
IBM Cognos Controller