IBM Security Bulletin: Multiple Vulnerabilities in IBM Cognos Analytics

Nov 6, 2018 8:00 am EST

Categorized: High Severity


This bulletin addresses several security vulnerabilities that are fixed in IBM Cognos Analytics 11.0.13.0. Multiple open-source OpenSSL vulnerabilities affect IBM Cognos Analytics. IBM Cognos Analytics consumes IBM GSKit, in which multiple vulnerabilities have been addressed. IBM Cognos Business Intelligence uses the IBM WAS Liberty Profile (WLP). There is a potential denial of service in Apache CXF, which is used by WebSphere Application Server; IBM Cognos Analytics has upgraded WLP to a version that addresses the vulnerability. Deserialization flaws were discovered in the jackson-databind library, which is used by IBM Cognos Analytics. Under certain circumstances, the IBM Cognos Analytics Configuration tool will bypass OIDC namespace signature verification on its id_token.

CVE(s): CVE-2017-3735, CVE-2017-3736, CVE-2017-3737, CVE-2016-0705, CVE-2017-3732, CVE-2018-0739, CVE-2018-1447, CVE-2018-1428, CVE-2018-1427, CVE-2018-1426, CVE-2017-12624, CVE-2017-15095, CVE-2017-7525, CVE-2018-1842

Affected product(s) and affected version(s):

IBM Cognos Analytics Versions 11.0.0.0 to 11.0.12.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10738249
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/131047
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/134397
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/136077
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111140
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/121313
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/140847
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139972
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139073
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139072
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139071
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/135095
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/135123
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/134639
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/150902



from IBM Product Security Incident Response Team https://ift.tt/2D5LuC2