- Description
- IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows local users to obtain sensitive cleartext information by leveraging knowledge of a static decryption key.
- Source
- psirt@us.ibm.com
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
- nvd@nist.gov
- CWE-310
- Hype score
- Not currently trending
- Comment
- -
- Impact
- Per: http://www-01.ibm.com/support/docview.wss?uid=swg21667626 "Encrypted credentials can be remotely retrieved from the IBM Cognos Express server."
- Solution
- Per: http://www-01.ibm.com/support/docview.wss?uid=swg21667626 "Encrypted credentials can be remotely retrieved from the IBM Cognos Express server."
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cognos_express:9.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2E0F50AE-539F-4F17-988A-9DD81192F576"
},
{
"criteria": "cpe:2.3:a:ibm:cognos_express:9.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "892CBDCE-0ECD-4AA9-84C5-A5AE272C566A"
},
{
"criteria": "cpe:2.3:a:ibm:cognos_express:10.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9705C3F0-8FE0-418F-A1EF-ADC9AE0BB4CA"
},
{
"criteria": "cpe:2.3:a:ibm:cognos_express:10.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AF3D2946-00AA-4639-90DC-1A6CA17C78F9"
}
],
"operator": "OR"
}
]
}
]