Multiple vulnerabilities in IBM Cognos Analytics
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 14 |
| CVE-ID | CVE-2018-1842 CVE-2017-7525 CVE-2017-15095 CVE-2017-12624 CVE-2018-1426 CVE-2018-1427 CVE-2018-1428 CVE-2018-1447 CVE-2018-0739 CVE-2017-3732 CVE-2016-0705 CVE-2017-3737 CVE-2017-3736 CVE-2017-3735 |
| CWE-ID | CWE-264 CWE-502 CWE-20 CWE-19 CWE-338 CWE-190 CWE-327 CWE-521 CWE-400 CWE-310 CWE-415 CWE-125 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #2 is available. |
| Vulnerable software Subscribe |
IBM Cognos Analytics Client/Desktop applications / Office applications |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 14 vulnerabilities.
1) Security restrictions bypass
EUVDB-ID: #VU15752
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-1842
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to bypass security restrictions on the target system.
The vulnerability exists due to unspecified flaw. A local unauthenticated attacker can bypass OIDC namespace signature verification on the id_token.
MitigationUpdate to version 11.0.13.
Vulnerable software versionsIBM Cognos Analytics: 11.0.0 - 11.0.12
External linkshttp://www-01.ibm.com/support/docview.wss?uid=ibm10738249
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Deserialization of untrusted data
EUVDB-ID: #VU9128
Risk: High
CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-7525
CWE-ID:
CWE-502 - Deserialization of Untrusted Data
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a deserialization flaw in the jackson-databind component. A remote attacker can send a specially crafted input to the readValue method of the ObjectMapper and execute arbitrary code with privileges of the target service.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 11.0.13.
Vulnerable software versionsIBM Cognos Analytics: 11.0.0 - 11.0.12
External linkshttp://www-01.ibm.com/support/docview.wss?uid=ibm10738249
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Remote code execution
EUVDB-ID: #VU9607
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-15095
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists in the jackson-databind development library due to improper implementation of blacklists for input handled by the ObjectMapper object readValue method. A remote unauthenticated attacker can send a malicious input and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate to version 11.0.13.
Vulnerable software versionsIBM Cognos Analytics: 11.0.0 - 11.0.12
External linkshttp://www-01.ibm.com/support/docview.wss?uid=ibm10738249
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Data handling
EUVDB-ID: #VU11285
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12624
CWE-ID:
CWE-19 - Data Handling
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to data handling. A remote attacker can send specially crafted message attachment header and cause the service to crash.
Update to version 11.0.13.
Vulnerable software versionsIBM Cognos Analytics: 11.0.0 - 11.0.12
External linkshttp://www-01.ibm.com/support/docview.wss?uid=ibm10738249
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use of cryptographically weak PRNG
EUVDB-ID: #VU12311
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-1426
CWE-ID:
CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information and write arbitrary files on the target system.
The weakness exists due to IBM GSKit duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which can result in duplicate Session IDs and a risk of duplicate key material. A remote attacker can gain access to potentially sensitive information and write arbitrary files.
Update to version 11.0.13.
Vulnerable software versionsIBM Cognos Analytics: 11.0.0 - 11.0.12
External linkshttp://www-01.ibm.com/support/docview.wss?uid=ibm10738249
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Integer overflow
EUVDB-ID: #VU12310
Risk: Low
CVSSv3.1: 5.4 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-1427
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local unauthenticated attacker to cause DoS condition on the target system.
The weakness exists due to IBM GSKit contains several environment variables. A local attacker can cause the service to crash.
Update to version 11.0.13.
Vulnerable software versionsIBM Cognos Analytics: 11.0.0 - 11.0.12
External linkshttp://www-01.ibm.com/support/docview.wss?uid=ibm10738249
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Use of a broken or risky cryptographic algorithm
EUVDB-ID: #VU12309
Risk: Low
CVSSv3.1: 5.4 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-1428
CWE-ID:
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Exploit availability: No
DescriptionThe vulnerability allows a local unauthenticated attacker to obtain potentially sensitive information on the target system.
The weakness exists due to IBM GSKit uses weaker than expected cryptographic algorithms. A local attacker can gain access to potentially sensitive information.
Update to version 11.0.3.
Vulnerable software versionsIBM Cognos Analytics: 11.0.0 - 11.0.12
External linkshttp://www-01.ibm.com/support/docview.wss?uid=ibm10738249
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Weak passwords requirements
EUVDB-ID: #VU12308
Risk: Low
CVSSv3.1: 4.5 [CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-1447
CWE-ID:
CWE-521 - Weak Password Requirements
Exploit availability: No
DescriptionThe vulnerability allows a local unauthenticated attacker to obtain potentially sensitive information on the target system.
The weakness exists due to the GSKit CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. A local attacker can gain access to potentially sensitive information.
Update to version 11.0.13.
Vulnerable software versionsIBM Cognos Analytics: 11.0.0 - 11.0.12
External linkshttp://www-01.ibm.com/support/docview.wss?uid=ibm10738249
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Resource exhaustion
EUVDB-ID: #VU11294
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-0739
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to excessive stack memory consumption. A remote attacker can cause the service to crash.
Update to version 11.0.13.
Vulnerable software versionsIBM Cognos Analytics: 11.0.0 - 11.0.12
External linkshttp://www-01.ibm.com/support/docview.wss?uid=ibm10738249
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Information disclosure
EUVDB-ID: #VU5442
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-3732
CWE-ID:
CWE-310 - Cryptographic Issues
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to propagating error in the x86_64 Montgomery squaring procedure. A remote attacker with access to unpatched vulnerable system that uses a shared private key with Diffie-Hellman (DH) parameters set can gain unauthorized access to sensitive private key information.
According to vendor’s advisory, this vulnerability is unlikely to be exploited in real-world attacks, as it requires significant resources and online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients.
Vulnerability exploitation against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely.
MitigationUpdate to version 11.0.13.
Vulnerable software versionsIBM Cognos Analytics: 11.0.0 - 11.0.12
External linkshttp://www-01.ibm.com/support/docview.wss?uid=ibm10738249
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Double free error
EUVDB-ID: #VU1622
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-0705
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.
The weakness exists due to double-free error when parsing DSA private keys. A remote attacker can trigger memory corruption and cause the service to crash.
Update to version 11.0.13.
Vulnerable software versionsIBM Cognos Analytics: 11.0.0 - 11.0.12
External linkshttp://www-01.ibm.com/support/docview.wss?uid=ibm10738249
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Improper input validation
EUVDB-ID: #VU9594
Risk: Medium
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-3737
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information on the target system.
The weakness exists due to an "error state mechanism" when SSL_read() or SSL_write() is called directly after SSL object. A remote attacker can a specially crafted input, trigger a fatal error during a handshake and return it in the initial function call to access or modify sensitive information.
Update to version 11.0.13.
Vulnerable software versionsIBM Cognos Analytics: 11.0.0 - 11.0.12
External linkshttp://www-01.ibm.com/support/docview.wss?uid=ibm10738249
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Carry propagation issue
EUVDB-ID: #VU9109
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-3736
CWE-ID:
CWE-310 - Cryptographic Issues
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to decrypt data.
The vulnerability exists due to carry propagating bug in the x86_64 Montgomery squaring procedure (bn_sqrx8x_internal). A remote attacker can decrypt encrypted data. The vulnerability affects processors that support the BMI1, BMI2 and ADX extensions like
Intel Broadwell (5th generation) and later or AMD Ryzen.
Update to version 11.0.13.
Vulnerable software versionsIBM Cognos Analytics: 11.0.0 - 11.0.12
External linkshttp://www-01.ibm.com/support/docview.wss?uid=ibm10738249
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Out-of-bounds read
EUVDB-ID: #VU8487
Risk: Low
CVSSv3.1: 3.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:W/RC:C]
CVE-ID: CVE-2017-3735
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to one-byte out-of-bounds read when parsing an IPAddressFamily extension in an X.509 certificate. A remote attacker can disguise text display of the certificate.
MitigationUpdate to version 11.0.13.
Vulnerable software versionsIBM Cognos Analytics: 11.0.0 - 11.0.12
External linkshttp://www-01.ibm.com/support/docview.wss?uid=ibm10738249
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
