Main Vulnerability Database SB2017110810

SB2017110810 - Multiple vulnerabilities in IBM Cognos Command Center

Published: November 8, 2017

Security Bulletin ID SB2017110810

Severity

High

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Remote code execution (CVE-ID: CVE-2017-10116)

The vulnerability allows a remote authenticated attacker to execute arbitrary code.

The weakness exists due to unknown error. A remote attacker can trick the victim into visiting a specially crafted website, execute arbitrary code with elevated privileges and take full control over the system.

2) Information disclosure (CVE-ID: CVE-2017-10115)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to unknown error. A remote attacker can disclose important data on the target system

Remediation

Install update from vendor's website.

References

http://www-01.ibm.com/support/docview.wss?uid=swg22009304&myns=swgimgmt&mynp=OCSSPLNP&mync=E&cm_sp=swgimgmt-_-OCSSPLNP-_-E