CVE-2013-5445
Published Mar 25, 2014
Last updated 7 years ago
Overview
- Description
- IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows local users to obtain sensitive cleartext information by leveraging knowledge of a static decryption key.
- Source
- psirt@us.ibm.com
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-310
Social media
- Hype score
- Not currently trending
Evaluator
- Comment
- -
- Impact
- Per: http://www-01.ibm.com/support/docview.wss?uid=swg21667626 "Encrypted credentials can be remotely retrieved from the IBM Cognos Express server."
- Solution
- Per: http://www-01.ibm.com/support/docview.wss?uid=swg21667626 "Encrypted credentials can be remotely retrieved from the IBM Cognos Express server."
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cognos_express:9.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2E0F50AE-539F-4F17-988A-9DD81192F576"
},
{
"criteria": "cpe:2.3:a:ibm:cognos_express:9.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "892CBDCE-0ECD-4AA9-84C5-A5AE272C566A"
},
{
"criteria": "cpe:2.3:a:ibm:cognos_express:10.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9705C3F0-8FE0-418F-A1EF-ADC9AE0BB4CA"
},
{
"criteria": "cpe:2.3:a:ibm:cognos_express:10.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AF3D2946-00AA-4639-90DC-1A6CA17C78F9"
}
],
"operator": "OR"
}
]
}
]