PT-2021-3247 · IBM · IBM Cognos Analytics

Published: 2021-05-31 · Updated: 2021-12-01

CVE-2019-4471

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions
IBM Cognos Analytics versions 11.0 through 11.1

Description
IBM Cognos Analytics, an online service for business analytics, does not adequately protect service data: it fails to set the secure flag on a sensitive cookie in an HTTPS session. Without that flag, the browser may also send the cookie over an unencrypted HTTP connection, where it can be read in transit. A remote attacker could exploit this to obtain sensitive information.

Recommendations
For versions 11.0 and 11.1, update the software so that it sets the secure flag on sensitive cookies in HTTPS sessions, preventing unauthorized access to sensitive information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
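
One way to check a deployment for the condition described above, as an added example (not code from IBM or from this advisory): the Python below parses Set-Cookie header values captured from an HTTPS response and reports cookies that lack the Secure attribute. The cookie names, the sample headers and the name-based sensitivity heuristic are constructed assumptions.

```python
# Added example: audit Set-Cookie headers from an HTTPS response for a missing
# Secure attribute. All cookie names and header values are constructed samples.

# Assumption: substrings that suggest a cookie carries session or auth state.
SENSITIVE_HINTS = ("sess", "auth", "token", "sid")

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes dict)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:          # attributes only; never the name=value pair
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()   # attribute names are case-insensitive
    return name.strip(), value, attrs

def audit_cookies(set_cookie_headers, sensitive_hints=SENSITIVE_HINTS):
    """Return one finding per cookie that is set without the Secure attribute."""
    findings = []
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        if "secure" in attrs:
            continue
        sensitive = any(hint in name.lower() for hint in sensitive_hints)
        findings.append({"cookie": name,
                         "sensitive": sensitive,
                         "severity": "high" if sensitive else "info"})
    return findings

# Constructed sample input: Set-Cookie values as seen in an HTTPS response.
SAMPLE_HEADERS = [
    "session_id=abc123; Path=/; HttpOnly",                      # missing Secure
    "auth_token=xyz; Path=/; Secure; HttpOnly; SameSite=Lax",   # correctly flagged
    "ui_theme=dark; Path=/",                                    # missing, low impact
    "csrf_sid=q1w2; Path=/; secure",                            # lowercase attribute
    "mode=secure; Path=/",                                      # value is not a flag
]

if __name__ == "__main__":
    for f in audit_cookies(SAMPLE_HEADERS):
        print(f"{f['severity'].upper():5} {f['cookie']}: Secure flag missing")
```
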

Information Disclosure

Missing Encryption of Sensitive Data

Weakness Enumeration

Related Identifiers

BDU:2021-02966
CVE-2019-4471

Affected Products

IBM Cognos Analytics