CVE-2017-1764Insufficiently Protected Credentials in IBM Cognos Business Intelligence

CWE-522Insufficiently Protected Credentials3 documents3 sources
Severity
7.0HIGHNVD
EPSS
0.0%
top 89.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Cognos Business Intelligence
Timeline
PublishedApr 23
Latest updateMay 13

Description

IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2, under specialized circumstances, could expose plain text credentials to a local user. IBM X-Force ID: 136149.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages2 packages

CVEListV5ibm/cognos_business_intelligence4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-4rcq-pp29-cjm3: IBM Cognos Business Intelligence 102022-05-13
CVEList
CVE-2017-1764: IBM Cognos Business Intelligence 102018-04-23
CVE-2017-1764 — Insufficiently Protected Credentials | cvebase