Security Bulletin
Summary
Several security vulnerabilities have been identified in IBM Cognos BI which may allowing remote attackers to:
- Cause a denial of service condition via excessive CPU consumption,
- Inject arbitrary JavaScript code into the victim's web browser,
- Download arbitrary XML files from the server,
- Call any registered XPath extension functions,
- Execute arbitrary code via buffer overflow.
Vulnerability Details
VULNERABILITY DETAILS:
CVE ID: CVE-2011-3026
DESCRIPTION: The libpng graphic library is bundled with IBM Cognos BI. This vulnerability allows malicious users to overflow a buffer and execute arbitrary code on the server or cause the server to crash by requesting IBM Cognos BI to render a specifically crafted PNG image.
CVSS:
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/73240 for the current score
CVSS Environmental Score*: Undefined
CVSS String: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
AFFECTED PLATFORMS:
All supported platforms.
REMEDIATION:
Apply Cognos Business Intelligence Interim Fixes for Security Exposure
Workaround(s):
None known, apply fixes
Mitigation(s):
None known
CVE ID: CVE-2011-4858
DESCRIPTION: Apache Tomcat is bundled with IBM Cognos BI. This Tomcat vulnerability allows remote attackers to cause a denial of service (CPU consumption) by sending a maliciously crafted HTTP request to the Cognos gateway.
CVSS:
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/72016 for the current score
CVSS Environmental Score*: Undefined
CVSS String: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
AFFECTED PLATFORMS:
All supported platforms.
REMEDIATION:
Apply Cognos Business Intelligence Interim Fixes for Security Exposure
Workaround(s):
None known, apply fixes
Mitigation(s):
None known
CVE ID: CVE-2012-0498
DESCRIPTION: The Java Runtime Environment is bundled with IBM Cognos BI. This vulnerability allows malicious users to affect confidentiality, integrity, and availability by requesting IBM Cognos BI to render a specifically crafted image.
CVSS:
CVSS Base Score: 10
The CVSS base score represents the maximum CVSS base score assigned by X-Force for the vulnerabilities identified in this advisory.
AFFECTED PLATFORMS:
All supported Windows platforms for IBM Cognos BI.
REMEDIATION:
Apply Cognos Business Intelligence Interim Fixes for Security Exposure
Workaround(s):
None known, apply fixes
Mitigation(s):
A patched version of the Java Runtime Environment (JRE) can be installed independently, and IBM Cognos BI can be configured to be run with the patched version of the JRE.
CVE ID: CVE-2012-2177
DESCRIPTION: IBM Cognos BI has a reflected cross-site scripting vulnerability requiring additional user interaction. The victim has to click a malicious link and then click an additional link on the rendered Web page. The attacker's JavaScript code is executed in the context of the victim's web browser.
CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/75400 for the current score
CVSS Environmental Score*: Undefined
AFFECTED PLATFORMS:
All supported platforms.
REMEDIATION:
Apply Cognos Business Intelligence Interim Fixes for Security Exposure
Workaround(s):
None known, apply fixes
Mitigation(s):
You can configure IBM Cognos BI 10.1 and above to use the httpOnly attribute for the session cookie. That would prevent the attacker from stealing the session id.
CVE ID: CVE-2012-2193
DESCRIPTION: IBM Cognos BI has a reflected cross-site scripting vulnerability requiring additional user interaction. The victim has to click a malicious link and then click an additional link on the rendered Web page. The attacker's JavaScript code is executed in the context of the victim's web browser.
CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/76098 for the current score
CVSS Environmental Score*: Undefined
AFFECTED PLATFORMS:
All supported platforms.
REMEDIATION:
Apply Cognos Business Intelligence Interim Fixes for Security Exposure
Workaround(s):
None known, apply fixes
Mitigation(s):
You can configure IBM Cognos BI to use the httpOnly attribute for the session cookie. That would prevent the attacker from stealing the session id.
CVE ID: CVE-2012-4835
DESCRIPTION: IBM Cognos BI has a reflected cross-site scripting vulnerability. The victim has to click a malicious link. The attacker's JavaScript code is executed in the context of the victim's web browser.
CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/78917 for the current score
CVSS Environmental Score*: Undefined
AFFECTED PLATFORMS:
All supported platforms.
REMEDIATION:
Apply Cognos Business Intelligence Interim Fixes for Security Exposure
Workaround(s):
None known, apply fixes
Mitigation(s):
Configuring IBM Cognos BI 10.1 and above to use the httpOnly attribute for the session cookie helps prevent the attacker from stealing a users session id.
CVE ID: CVE-2012-4836
DESCRIPTION: IBM Cognos BI is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed.
CVSS:
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/78918 for the current score
CVSS Environmental Score*: Undefined
AFFECTED PLATFORMS:
All supported platforms.
REMEDIATION:
Apply Cognos Business Intelligence Interim Fixes for Security Exposure
Workaround(s):
None known, apply fixes
Mitigation(s):
You can configure IBM Cognos BI 10.1 and above to use the httpOnly attribute for the session cookie. That would prevent the attacker from stealing the session id.
CVE ID: CVE-2012-4837
DESCRIPTION: IBM Cognos BI is vulnerable to XPath injection, caused by the improper validation of input prior to using it in a XPath (XML Path Language) query. By injecting arbitrary XPath code, a malicious user could exploit this vulnerability to read arbitrary XML files.
CVSS:
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/78919 for the current score
CVSS Environmental Score*: Undefined
AFFECTED PLATFORMS:
All supported platforms.
REMEDIATION:
Apply Cognos Business Intelligence Interim Fixes for Security Exposure
Workaround(s):
None known, apply fixes
Mitigation(s):
None known
CVE ID: CVE-2012-4840
DESCRIPTION: IBM Cognos BI is vulnerable to XPath injection, caused by the improper validation of input prior to using it in a XPath (XML Path Language) query. By injecting arbitrary XPath code, a remote unauthenticated attacker could call any registered XPath extension function.
CVSS:
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/79116 for the current score
CVSS Environmental Score*: Undefined
AFFECTED PLATFORMS:
All supported platforms.
REMEDIATION:
Apply Cognos Business Intelligence Interim Fixes for Security Exposure
Workaround(s):
None known, apply fixes
Mitigation(s):
None known
CVE ID: CVE-2012-4858
DESCRIPTION: IBM Cognos BI is vulnerable to a remote OS command injection due to missing validation of untrusted Java serialized input.
CVSS:
CVSS Base Score: 9.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/79801 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
AFFECTED PLATFORMS:
All supported platforms.
REMEDIATION:
Apply Cognos Business Intelligence Interim Fixes for Security Exposure
Workaround(s):
None known, apply fixes
Mitigation(s):
None known
CVE ID: CVE-2012-5081
DESCRIPTION: The Java Runtime Environment is bundled with IBM Cognos BI. This vulnerability allows malicious users to affect availability.
CVSS:
CVSS Base Score: 5
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
AFFECTED PLATFORMS:
All supported Windows platforms for IBM Cognos BI.
REMEDIATION:
Apply Cognos Business Intelligence Interim Fixes for Security Exposure
Workaround(s):
None known, apply fixes
Mitigation(s):
A patched version of the Java Runtime Environment (JRE) can be installed independently, and IBM Cognos BI can be configured to be run with the patched version of the JRE.
REFERENCES:
Get Notified about Future Security Bulletins
References
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Was this topic helpful?
Document Information
Modified date:
28 November 2022
UID
swg21626697