A vulnerability has been addressed for PM Hub config exposed via web interface
CVEID: CVE-2016-0381
DESCRIPTION: IBM TM1 Cognos is vulnerable to a denial of service, caused by an administrator blanking out a value called “AdminGroups” under the security settings node of the IBM Cognos Performance Management Hub configuration page (host/pmhub/pm/admin). Once the value is blanked out, other users with knowledge of the URL can gain access to the configuration page, enter a non-blank value and prevent further access to the configuration.
CVSS Base Score: 3.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112247 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)
The recommended solution is to apply the fix for the versions listed as soon as practical.
Cognos TM1 10.2.2 Fix Pack 5
Link: http://www-01.ibm.com/support/docview.wss?uid=swg24041747
Cognos TM1 10.2.2 FP5 IF1
Link: http://www.ibm.com/support/docview.wss?uid=swg24041902
CPE
Name | Operator | Version |
---|---|---|
cognos tm1 | eq | 10.2.2 |