IBM Support

Security Bulletin: Multiple vulnerabilities in IBM Cognos Express (CVE-2013-5443, CVE-2013-5445, CVE-2013-5444, CVE-2013-2407, CVE-2013-2450, CVE-2013-0169, CVE-2013-1478, CVE-2013-1480)


A number of security vulnerabilities in IBM Cognos Express have been identified and addressed in a software update.

Vulnerability Details

CVE ID: CVE-2013-5443

CVE ID: CVE-2013-5445

CVE ID: CVE-2013-5444

CVE ID: CVE-2013-2407

CVE ID: CVE-2013-2450

CVE ID: CVE-2013-0169

    The IBM Java JRE used in IBM Cognos Express is susceptible to a Transport Layer Security protocol (used in HTTPS) vulnerability known as "Lucky Thirteen." The vulnerability could allow remote attackers to conduct distinguishing and plain-text recovery attacks by statistically analyzing timing data for crafted packets.

    CVSS Base Score: 4.3
    CVSS Temporal Score: See for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

    IBM Cognos Express 10.1
    IBM Cognos Express 9.5
    IBM Cognos Express 9.0

    The recommended solution is to apply the fix in one of the versions listed.

CVE ID: CVE-2013-1478

CVE ID: CVE-2013-1480

Workarounds and Mitigations

None. Install the fixes as listed above.

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.


According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Document information

Software version: 9.0, 9.5, 10.1, 10.2.1

Operating system(s): Windows

Reference #: 1667626

Modified date: 20 March 2014