Vulnerabilities > CVE-2013-5445 - Cryptographic Issues vulnerability in IBM Cognos Express
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows local users to obtain sensitive cleartext information by leveraging knowledge of a static decryption key. Per: http://www-01.ibm.com/support/docview.wss?uid=swg21667626 "Encrypted credentials can be remotely retrieved from the IBM Cognos Express server."
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Seebug
| bulletinFamily | exploit |
| description | Bugtraq ID:66361 CVE ID:CVE-2013-5445 IBM Cognos Express是一款为满足中型企业的需求而构建的商业智能和计划集成解决方案。 IBM Cognos Express存在未明安全漏洞,远程攻击者可以利用漏洞获取服务器上的加密验证凭据。 0 IBM Cognos Express 10.2.1 IBM Cognos Express 10.1 IBM Cognos Express 9.5 IBM Cognos Express 9.0 用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞: http://www-01.ibm.com/support/docview.wss?uid=swg21667626 |
| id | SSV:61917 |
| last seen | 2017-11-19 |
| modified | 2014-03-25 |
| published | 2014-03-25 |
| reporter | Root |
| title | IBM Cognos Express敏感信息泄漏漏洞 |