Security Bulletin: Multiple vulnerabilities in IBM Cognos Express (CVE-2013-5443, CVE-2013-5445, CVE-2013-5444, CVE-2013-2407, CVE-2013-2450, CVE-2013-0169, CVE-2013-1478, CVE-2013-1480)


Summary

A number of security vulnerabilities in IBM Cognos Express have been identified and addressed in a software update.

Vulnerability Details

CVE ID: CVE-2013-5443



CVE ID: CVE-2013-5445


CVE ID: CVE-2013-5444



CVE ID: CVE-2013-2407



CVE ID: CVE-2013-2450


CVE ID: CVE-2013-0169

    DESCRIPTION:
    The IBM Java JRE used in IBM Cognos Express is susceptible to a Transport Layer Security protocol (used in HTTPS) vulnerability known as "Lucky Thirteen." The vulnerability could allow remote attackers to conduct distinguishing and plain-text recovery attacks by statistically analyzing timing data for crafted packets.

    CVSS:
    CVSS Base Score: 4.3
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81902 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

    AFFECTED PLATFORMS:
    IBM Cognos Express 10.1
    IBM Cognos Express 9.5
    IBM Cognos Express 9.0

    REMEDIATION:
    The recommended solution is to apply the fix in one of the versions listed.



CVE ID: CVE-2013-1478



CVE ID: CVE-2013-1480


Workarounds and Mitigations

None. Install the fixes as listed above.

References

Related information

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
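The vector published above for CVE-2013-0169 can be checked against its stated base score, and the environment-specific score from the footnote worked out, using the CVSS v2 equations. The Python below is an added example, not IBM's code; the environmental metric values passed in are constructed assumptions, and temporal metrics are treated as Not Defined because the bulletin gives no temporal vector.

```python
# CVSS v2 metric weights, as published in the FIRST CVSS v2 specification.
BASE = {
    "AV": {"L": 0.395, "A": 0.646, "N": 1.0},
    "AC": {"H": 0.35, "M": 0.61, "L": 0.71},
    "Au": {"M": 0.45, "S": 0.56, "N": 0.704},
    "C": {"N": 0.0, "P": 0.275, "C": 0.660},
    "I": {"N": 0.0, "P": 0.275, "C": 0.660},
    "A": {"N": 0.0, "P": 0.275, "C": 0.660},
}
REQ = {"L": 0.5, "M": 1.0, "H": 1.51, "ND": 1.0}  # CR / IR / AR
CDP = {"N": 0.0, "L": 0.1, "LM": 0.3, "MH": 0.4, "H": 0.5, "ND": 0.0}
TD = {"N": 0.0, "L": 0.25, "M": 0.75, "H": 1.0, "ND": 1.0}
BULLETIN_VECTOR = "(AV:N/AC:M/Au:N/C:P/I:N/A:N)"  # CVE-2013-0169, from the bulletin

def parse_vector(vector):
    """Parse a CVSS v2 base vector into metric weights; reject malformed input."""
    pairs = [item.split(":", 1) for item in vector.strip("() ").split("/")]
    if [p[0] for p in pairs] != list(BASE) or any(len(p) != 2 for p in pairs):
        raise ValueError("expected AV/AC/Au/C/I/A in order: %r" % vector)
    try:
        return {name: BASE[name][value] for name, value in pairs}
    except KeyError as exc:
        raise ValueError("unknown metric value %s in %r" % (exc, vector)) from None

def _equation(w, impact):
    """CVSS v2 base equation for a given (plain or adjusted) impact subscore."""
    if impact == 0:
        return 0.0
    exploitability = 20 * w["AV"] * w["AC"] * w["Au"]
    return round((0.6 * impact + 0.4 * exploitability - 1.5) * 1.176, 1)

def base_score(vector):
    w = parse_vector(vector)
    return _equation(w, 10.41 * (1 - (1 - w["C"]) * (1 - w["I"]) * (1 - w["A"])))

def environmental_score(vector, cdp="ND", td="ND", cr="ND", ir="ND", ar="ND"):
    """Environmental score with every temporal metric Not Defined (weight 1.0)."""
    w = parse_vector(vector)
    c, i, a = w["C"] * REQ[cr], w["I"] * REQ[ir], w["A"] * REQ[ar]
    adjusted = _equation(w, min(10.0, 10.41 * (1 - (1 - c) * (1 - i) * (1 - a))))
    return round((adjusted + (10 - adjusted) * CDP[cdp]) * TD[td], 1)

if __name__ == "__main__":
    print("base:", base_score(BULLETIN_VECTOR))
    # Constructed environment: high confidentiality requirement, all systems affected.
    print("environmental:", environmental_score(BULLETIN_VECTOR, cr="H", td="H"))
```

A high confidentiality requirement raises the score for this vector because its only impact is partial confidentiality loss; setting target distribution to None takes it to zero.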

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Document information

More support for: Cognos Express
Software version: 9.0, 9.5, 10.1, 10.2.1
Operating system(s): Windows
Reference #: 1667626
Modified date: 2014-03-20