CVE-2017-1784 — Sensitive Information Exposure in IBM Cognos Analytics

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.2%

top 63.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Cognos Analytics

Timeline

PublishedJan 29

Latest updateMay 13

Description

IBM Cognos Analytics 11.0 could produce results in temporary files that contain highly sensitive information that can be read by a local user. IBM X-Force ID: 136858.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5ibm/cognos_analytics8 versions+7

▶NVDibm/cognos_analytics8 versions+7

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-pm7j-hcwj-f489: IBM Cognos Analytics 11↗2022-05-13

▶

CVEList

CVE-2017-1784: IBM Cognos Analytics 11↗2018-01-29

▶