CVE-2012-4858 — Improper Input Validation in IBM Cognos Business Intelligence

CWE-20 — Improper Input Validation5 documents5 sources

Severity

9.3CRITICALNVD

GHSA5.0

EPSS

2.0%

top 16.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Cognos Business Intelligence

Timeline

PublishedMar 5

Latest updateMay 17

Description

IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 does not properly validate Java serialized input, which allows remote attackers to execute arbitrary commands via unspecified vectors.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDibm/cognos_business_intelligence4 versions+3

🔴Vulnerability Details

GHSA

GHSA-x883-wq6q-rvfh: IBM Cognos Business Intelligence (BI) 8↗2022-05-17

▶

GHSA

Denial of Service in Apache Tomcat↗2022-05-04

▶

CVEList

CVE-2012-4858: IBM Cognos Business Intelligence (BI) 8↗2013-03-02

▶

📋Vendor Advisories

Red Hat

tomcat: large number of parameters DoS↗2012-01-17

▶