Vulnerabilities > CVE-2013-5444 - Cryptographic Issues vulnerability in IBM Cognos Express
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
The server in IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows remote attackers to read encrypted credentials via unspecified vectors.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Seebug
| bulletinFamily | exploit |
| description | Bugtraq ID:66362 CVE ID:CVE-2013-5444 IBM Cognos Express是一款为满足中型企业的需求而构建的商业智能和计划集成解决方案。 IBM Cognos Express使用静态密钥进行加密,可帮助攻击者对不能访问的敏感信息进行解密。 0 IBM Cognos Express 10.2.1 IBM Cognos Express 10.1 IBM Cognos Express 9.5 IBM Cognos Express 9.0 用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞: http://www-01.ibm.com/support/docview.wss?uid=swg21667626 |
| id | SSV:61918 |
| last seen | 2017-11-19 |
| modified | 2014-03-25 |
| published | 2014-03-25 |
| reporter | Root |
| title | IBM Cognos Express本地信息泄漏漏洞 |