There is a vulnerability in IBM® Runtime Environment Java™ Version 7 used by IBM Cognos Insight. This issue was disclosed as part of the IBM Java SDK updates in Oct 2017.
CVEID: CVE-2017-10356**
DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133785 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
The recommended solution is to apply the fix for versions listed as soon as practical.
Cognos Insight Standard Edition 10.2.1 Fix Pack 2 Interim Fix 24
Link:<http://www.ibm.com/support/docview.wss?uid=swg24044707>
Cognos Insight Standard Edition 10.2.2.7 Interim Fix 12
Link: <http://www.ibm.com/support/docview.wss?uid=swg24044709>
None