CVE-2014-4810

Опубликовано: 05 нояб. 2014

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

IBM Cognos Mobile 10.1.1 before FP3 IF1, 10.2.0 before FP2 IF1, and 10.2.1 before FP4 IF1 preserves a session between the Cognos Mobile server and the Cognos Business Intelligence server after a logoff action on a mobile device, which makes it easier for remote attackers to bypass intended Business Intelligence restrictions by leveraging access to authentication data that was captured before this logoff.

Ссылки

http://www-01.ibm.com/support/docview.wss?uid=swg21684608
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/95386
http://www-01.ibm.com/support/docview.wss?uid=swg21684608
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/95386

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:cognos_mobile:10.1.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:cognos_mobile:10.2.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:cognos_mobile:10.2.1:*:*:*:*:*:*:*

EPSS

Процентиль: 48%

0.0025

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-vcxp-3rhh-fwg2

github

больше 3 лет назад