119 matches found
EUVD-2016-0416
Malware in sbrugna...
EUVD-2012-1084
Malware in sbrugna...
EUVD-2016-4110
Malware in sbrugna...
EUVD-2017-10522
Malware in sbrugna...
EUVD-2012-6205
Malware in sbrugna...
EUVD-2014-0907
Malware in sbrugna...
EUVD-2016-4109
Malware in sbrugna...
EUVD-2014-0893
Malware in sbrugna...
CVE-2012-1046
Cross-site scripting (XSS) vulnerability in TM1 Web in IBM Cognos TM1 9.5.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0696...
VulnCheck KEV: CVE-2019-4716
IBM Planning Analytics is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting...
IBM Planning Analytics Remote Code Execution Vulnerability
IBM Planning Analytics is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting...
Additional Information About CVE-2019-4716
On February 11th the following Security Bulletin was released: https://www.ibm.com/support/pages/node/1127781 This article provides important details about CVE-2019-4716. This vulnerability impacts the TM1 database component from IBM Planning Analytics Local and IBM Planning Analytics on Cloud...
Security Bulletin: IBM Planning Analytics has addressed a security vulnerability (CVE-2016-2183)
Summary: This Security Bulletin addresses a security vulnerability that has been remediated in IBM Planning Analytics 2.0.9.5. Vulnerability Details: CVEID: CVE-2016-2183. DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, us...
IBM TM1 / Planning Analytics - Unauthenticated Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'openssl' class MetasploitModule "IBM TM1 / Planning Analytics Unauthenticated Remote Code Execution", 'Description' = %q This module exploits a vulnerability in...
IBM TM1 / Planning Analytics - Unauthenticated Remote Code Execution Exploit (2)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'openssl' class MetasploitModule "IBM TM1 / Planning Analytics Unauthenticated Remote Code Execution", 'Description' = %q This module exploits a vulnerability in...
IBM Cognos TM1 / IBM Planning Analytics Server Configuration Overwrite / Code Execution
Hi, Here's a fun one I have been working on for some time. tl;dr IBM PA / TM1, dating back to 2014, maybe 2009 is vulnerable to an unauthenticated configuration overwrite; this is abused to "fake authenticate" to it, and finally execute code as root / SYSTEM using TM1 scripting. Advisory below,...
IBM Cognos TM1 / IBM Planning Analytics Server Configuration Overwrite / Code Execution Exploit
IBM Cognos TM1 Server / Planning Analytics Server TM1 suffers from a configuration overwrite vulnerability that can be leveraged to achieve code execution as SYSTEM via TM1 scripting. Extensive research is included in this advisory as well as the Metasploit module. IBM PA / TM1, dating back to...
Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Cognos TM1
Summary: There is a vulnerability in IBM® Runtime Environment Java™ Version 7 used by IBM Cognos TM1. This issue was disclosed as part of the IBM Java SDK updates in October 2017. Vulnerability Details: CVEID: CVE-2017-10356. DESCRIPTION: An unspecified vulnerability related to the Java SE Security...
Security Bulletin: Security Vulnerabilities have been identified in IBM Cognos Business Intelligence used with IBM Cognos TM1 (CVE-2016-0217, CVE-2016-0221).
Summary: IBM Cognos Business Intelligence integrates with IBM Cognos TM1. Information about a security vulnerability affecting IBM Cognos Business Intelligence has been published in a security bulletin. Vulnerability Details: Please consult the security bulletin Security Bulletin: IBM Cognos Busine...
Security Bulletin: A Security Vulnerability exist in IBM Cognos TM1
Summary: A vulnerability has been addressed for PM Hub config exposed via web interface. Vulnerability Details: CVEID: CVE-2016-0381. DESCRIPTION: IBM TM1 Cognos is vulnerable to a denial of service, caused by an administrator blanking-out a value called "AdminGroups" in the IBM Cognos Performance...