Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-0202

CWE-119 — Buffer Overflow4 documents4 sources

Severity

10.0CRITICAL

EPSS

79.0%

top 0.94%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

IBM Cognos TM1

Timeline

PublishedMay 4

Latest updateMay 4

Description

Multiple stack-based buffer overflows in tm1admsd.exe in the Admin Server in IBM Cognos TM1 9.4.x and 9.5.x before 9.5.2 FP2 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted data.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDibm/cognos_tm14 versions+3

🔴Vulnerability Details

GHSA

GHSA-fq48-3wjh-9wgm: Multiple stack-based buffer overflows in tm1admsd↗2022-05-04

▶

CVEList

CVE-2012-0202: Multiple stack-based buffer overflows in tm1admsd↗2012-05-04

▶

💥Exploits & PoCs

Exploit-DB

IBM Cognos - 'tm1admsd.exe' Remote Overflow (Metasploit)↗2013-01-08

▶