CVE-2013-4034

IBM Cognos Business Intelligence - Access Control

Description

IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Exploits (1)

exploitdb WORKING POC VERIFIED
by IBM · xmlremotemultiple
https://www.exploit-db.com/exploits/38825

Scores

EPSS 0.0873
EPSS Percentile 92.4%

Classification

CWE
CWE-264
Status draft

Affected Products (6)

ibm/cognos_business_intelligence
ibm/cognos_business_intelligence
ibm/cognos_business_intelligence
ibm/cognos_business_intelligence
ibm/cognos_business_intelligence
ibm/cognos_business_intelligence

Timeline

Published Nov 18, 2013
Tracked Since Feb 18, 2026