IBM Cognos Business Intelligence 10.2/10.2.1/10.2.1.1/10.2.2 Credentials privilege escalation

wpiseditHistoryDiffjsonxmlCTI

W IBM Cognos Business Intelligence 10.2/10.2.1/10.2.1.1/10.2.2 (Business Process Management Software) została odkryta podatność. Dotknięta jest nieznana funkcja. Nie są znane żadne środki zaradcze. Sugerowana jest zamiana podatnego komponentu na produkt alternatywny.

Pole2018-04-24 08:552020-01-30 15:53
typeBusiness Process Management SoftwareBusiness Process Management Software
vendorIBMIBM
nameCognos Business IntelligenceCognos Business Intelligence
version10.2/10.2.1/10.2.1.1/10.2.210.2/10.2.1/10.2.1.1/10.2.2
cwe255 (przekroczenie uprawnień)255 (przekroczenie uprawnień)
risk11
historic00
cvss2_vuldb_basescore1.91.9
cvss2_vuldb_tempscore1.91.9
cvss2_vuldb_avLL
cvss2_vuldb_acMM
cvss2_vuldb_auNN
cvss2_vuldb_ciPP
cvss2_vuldb_iiNN
cvss2_vuldb_aiNN
cvss2_nvd_avLL
cvss2_nvd_acMM
cvss2_nvd_auNN
cvss2_nvd_ciPP
cvss2_nvd_iiNN
cvss2_nvd_aiNN
cvss3_meta_basescore4.74.7
cvss3_meta_tempscore4.74.7
cvss3_vuldb_basescore2.52.5
cvss3_vuldb_tempscore2.52.5
cvss3_vuldb_avLL
cvss3_vuldb_acHH
cvss3_vuldb_prLL
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iNN
cvss3_vuldb_aNN
cvss3_nvd_avLL
cvss3_nvd_acHH
cvss3_nvd_prLL
cvss3_nvd_uiNN
cvss3_nvd_sUU
cvss3_nvd_cHH
cvss3_nvd_iHH
cvss3_nvd_aHH
titlewordCredentialsCredentials
date1524441600 (2018-04-23)1524441600 (2018-04-23)
urlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/136149https://exchange.xforce.ibmcloud.com/vulnerabilities/136149
confirm_urlhttp://www.ibm.com/support/docview.wss?uid=swg22014202http://www.ibm.com/support/docview.wss?uid=swg22014202
price_0day$0-$5k$0-$5k
price_trend++
cveCVE-2017-1764CVE-2017-1764
cve_assigned14804640001480464000
cve_nvd_published15244344001524434400
cve_nvd_summaryIBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2, under specialized circumstances, could expose plain text credentials to a local user. IBM X-Force ID: 136149.IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2, under specialized circumstances, could expose plain text credentials to a local user. IBM X-Force ID: 136149.
seealso116965116965
locationWebsiteWebsite
cvss2_vuldb_eNDND
cvss2_vuldb_rlNDND
cvss2_vuldb_rcNDND
cvss3_vuldb_eXX
cvss3_vuldb_rlXX
cvss3_vuldb_rcXX
0day_days55
cvss3_nvd_basescore7.07.0
discoverydate1524009600

Interested in the pricing of exploits?

See the underground prices here!