ID SSV:61917Type seebugReporter RootModified 2014-03-25T00:00:00
Description
Bugtraq ID:66361
CVE ID:CVE-2013-5445
IBM Cognos Express是一款为满足中型企业的需求而构建的商业智能和计划集成解决方案。
IBM Cognos Express存在未明安全漏洞,远程攻击者可以利用漏洞获取服务器上的加密验证凭据。
0
IBM Cognos Express 10.2.1
IBM Cognos Express 10.1
IBM Cognos Express 9.5
IBM Cognos Express 9.0
用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞:
http://www-01.ibm.com/support/docview.wss?uid=swg21667626
{"href": "https://www.seebug.org/vuldb/ssvid-61917", "status": "details", "bulletinFamily": "exploit", "modified": "2014-03-25T00:00:00", "title": "IBM Cognos Express\u654f\u611f\u4fe1\u606f\u6cc4\u6f0f\u6f0f\u6d1e", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/", "score": 5.0}, "sourceHref": "", "cvelist": ["CVE-2013-5445"], "description": "Bugtraq ID:66361\r\nCVE ID:CVE-2013-5445\r\n\r\nIBM Cognos Express\u662f\u4e00\u6b3e\u4e3a\u6ee1\u8db3\u4e2d\u578b\u4f01\u4e1a\u7684\u9700\u6c42\u800c\u6784\u5efa\u7684\u5546\u4e1a\u667a\u80fd\u548c\u8ba1\u5212\u96c6\u6210\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nIBM Cognos Express\u5b58\u5728\u672a\u660e\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u670d\u52a1\u5668\u4e0a\u7684\u52a0\u5bc6\u9a8c\u8bc1\u51ed\u636e\u3002\n0\nIBM Cognos Express 10.2.1 \r\nIBM Cognos Express 10.1 \r\nIBM Cognos Express 9.5 \r\nIBM Cognos Express 9.0\n\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://www-01.ibm.com/support/docview.wss?uid=swg21667626", "viewCount": 29, "published": "2014-03-25T00:00:00", "sourceData": "", "id": "SSV:61917", "enchantments_done": [], "type": "seebug", "lastseen": "2017-11-19T17:29:31", "reporter": "Root", "enchantments": {"score": {"value": 6.2, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-5445"]}], "rev": 4}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2013-5445"]}]}, "exploitation": null, "vulnersScore": 6.2}, "references": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645534887}}
{"cve": [{"lastseen": "2022-03-23T14:09:59", "description": "IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows local users to obtain sensitive cleartext information by leveraging knowledge of a static decryption key.", "cvss3": {}, "published": "2014-03-25T20:55:00", "type": "cve", "title": "CVE-2013-5445", "cwe": ["CWE-310"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5445"], "modified": "2017-08-29T01:33:00", "cpe": ["cpe:/a:ibm:cognos_express:10.1", "cpe:/a:ibm:cognos_express:10.2.1", "cpe:/a:ibm:cognos_express:9.0", "cpe:/a:ibm:cognos_express:9.5"], "id": "CVE-2013-5445", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5445", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:ibm:cognos_express:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_express:9.5:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_express:10.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_express:9.0:*:*:*:*:*:*:*"]}]}
