There are vulnerabilities in IBM® Cognos Business Intelligence, and the components it ships with, that are used by Rational Reporting for Development Intelligence (RRDI). There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition Version 7 that is used by IBM Cognos Business Intelligence. These issues were disclosed as part of the IBM Java SDK updates in January and April 2018. Multiple Open Source OpenSSL vulnerabilities affect IBM Cognos Business Intelligence versions prior to 10.2.2. IBM Cognos Business Intelligence uses the IBM WAS Liberty Profile (WLP). There is a potential denial of service in Apache CXF that is used by WebSphere Application Server . IBM Cognos Business Intelligence has upgraded WLP to a version that addresses the vulnerability. A deserialization flaw was discovered in the jackson-databind library which is used by IBM Cognos Business Intelligence. IBM Cognos Business Intelligence is vulnerable to Cross-Site Scripting (XSS) where the application allows a users input to be integrated with client-side application code in an unsafe manner.
CVE(s): CVE-2017-3735, CVE-2017-3736, CVE-2018-0739, CVE-2017-3737, CVE-2017-7525, CVE-2017-12624, CVE-2017-15095, CVE-2018-1413, CVE-2018-2579, CVE-2018-2588, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678, CVE-2018-2599, CVE-2018-2603, CVE-2018-2657, CVE-2018-2618, CVE-2018-2634, CVE-2018-2637, CVE-2018-2800, CVE-2018-2795, CVE-2018-2796, CVE-2018-2797, CVE-2018-2798, CVE-2018-2799, CVE-2018-2783, CVE-2018-2814, CVE-2018-2790
Affected product(s) and affected version(s):
|
Principal Product and Version(s) |
Affected Supporting Product(s) and Version(s) |
| RRDI 5.0, 5.0.1 and 5.0.2 | Cognos BI 10.2.1 Fix pack 2 Jazz Reporting Service 5.0, 5.0.1 and 5.0.2 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=ibm10719163
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/131047
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/134397
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/140847
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/136077
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/134639
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/135095
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/135123
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/138819
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137833
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137841
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137917
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137932
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137933
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137851
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137855
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137910
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137870
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137886
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137889
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141956
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141951
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141952
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141953
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141954
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141955
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141939
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141970
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141946
The post IBM Security Bulletin: Multiple vulnerabilities in IBM Cognos Business Intelligence affect Rational Reporting for Development Intelligence appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/2NfEftF
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.