CVE-2013-2978 — Path Traversal in IBM Cognos Business Intelligence

CWE-22 — Path Traversal3 documents3 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 66.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Cognos Business Intelligence

Timeline

PublishedAug 27

Latest updateMay 17

Description

Absolute path traversal vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated users to read files by leveraging the Report Author privilege, a different vulnerability than CVE-2013-2988.

CVSS vector

AV:N/AC:H/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/cognos_business_intelligence5 versions+4

🔴Vulnerability Details

GHSA

GHSA-rw75-3484-5hqp: Absolute path traversal vulnerability in the server in IBM Cognos Business Intelligence (BI) 8↗2022-05-17

▶

CVEList

CVE-2013-2978: Absolute path traversal vulnerability in the server in IBM Cognos Business Intelligence (BI) 8↗2013-08-27

▶