CVSS3: 8.8 High (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

| Metric | Value |
|---|---|
| Attack Vector | NETWORK |
| Attack Complexity | LOW |
| Privileges Required | LOW |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |

CVSS2: 6.5 Medium (AV:N/AC:L/Au:S/C:P/I:P/A:P)

| Metric | Value |
|---|---|
| Access Vector | NETWORK |
| Access Complexity | LOW |
| Authentication | SINGLE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | PARTIAL |
| Availability Impact | PARTIAL |

Cognos Analytics is vulnerable to a privilege escalation attack that could grant a user the Capabilities of another.
CVEID: CVE-2016-8960
DESCRIPTION: IBM Cognos Business Intelligence could allow a user with lower privilege Capabilities to adopt the Capabilities of a higher-privilege user by intercepting the higher-privilege user's cookie value from its HTTP request and then reusing it in subsequent requests.
CVSS Base Score: 6.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118849 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
IBM Cognos Analytics 11.0.0.0 to 11.0.5.0.
http://www.ibm.com/support/docview.wss?uid=swg24043412
There is a product setting which can be used to eliminate this vulnerability for the CA Server as follows:
1. Launch IBM Cognos Configuration
2. Select Local Configuration
3. Select Advanced Properties
4. Add a property with Name="EnableSecureUserCapabilitiesCache" and Value="true"
5. Save the configuration
6. Restart the Cognos CA Server
In a distributed installation all CA Server instances should apply the setting.
A side effect of enabling this setting is that the user may experience the error DPR-ERR-2107 "The User Capabilities Cache cookie cannot be decoded" if her browser session with Cognos remains idle for longer than the Inactivity Timeout, which is one hour by default. It may also be seen the first time the setting is enabled, after restarting, in any Cognos browser sessions that remained open since the restart.
The DPR-ERR-2107 error can be resolved by clearing the browser's cookies.
The Inactivity Timeout is found in the Configuration tool under Security / Authentication.
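
The sketch below illustrates the class of flaw in the description and why a session-bound cookie yields a "cannot be decoded" error after an idle timeout or restart. It is an added example, not IBM's code: the bulletin does not describe the Cognos cookie format or how EnableSecureUserCapabilitiesCache works, so the HMAC binding, the function names and the capability strings are all assumptions.

```python
import base64, hashlib, hmac, json, os

class CookieDecodeError(Exception):
    """Raised when a capabilities cookie does not verify for this session."""

def _encode(capabilities):
    return base64.urlsafe_b64encode(json.dumps(sorted(capabilities)).encode()).decode()
def _decode(payload):
    return json.loads(base64.urlsafe_b64decode(payload))

def issue_unbound(capabilities):
    # Weak form: the cookie is only an encoding of the capability list.
    return _encode(capabilities)

def read_unbound(cookie):
    # Nothing ties the value to its owner, so any session presenting it is trusted.
    return _decode(cookie)

def issue_bound(capabilities, session_key):
    # Hardened form (assumed design): MAC the payload with a server-side per-session key.
    payload = _encode(capabilities)
    tag = hmac.new(session_key, payload.encode(), hashlib.sha256).hexdigest()
    return payload + "." + tag

def read_bound(cookie, session_key):
    payload, _, tag = cookie.partition(".")
    expected = hmac.new(session_key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        raise CookieDecodeError("capabilities cookie cannot be decoded for this session")
    return _decode(payload)

def accepted(cookie, session_key):
    try:
        read_bound(cookie, session_key)
        return True
    except CookieDecodeError:
        return False

def demo():
    # Constructed capability names and sessions, for illustration only.
    high_key, low_key = os.urandom(32), os.urandom(32)
    high_caps = ["administration", "report_authoring"]
    return {
        "unbound_reused_by_other_session": read_unbound(issue_unbound(high_caps)),
        "bound_owner": accepted(issue_bound(high_caps, high_key), high_key),
        "bound_reused_by_other_session": accepted(issue_bound(high_caps, high_key), low_key),
        # Key replaced after idle timeout or restart: the owner's stale cookie fails too.
        "bound_after_key_reset": accepted(issue_bound(high_caps, high_key), os.urandom(32)),
    }
```

The last case mirrors the side effect noted above: once the server no longer holds the key a cookie was issued under, the stale cookie has to be cleared from the browser.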
| CPE | Name | Operator | Version |
|---|---|---|---|
| | ibm cognos analytics | eq | 11.0 |