CVE-2017-1764

HIGH

IBM Cognos Business Intelligence - Insufficiently Protected Credentials

Title source: rule

Description

IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2, under specialized circumstances, could expose plain text credentials to a local user. IBM X-Force ID: 136149.

References (2)

[Vendor Advisory] http://www.ibm.com/support/docview.wss?uid=swg22014202

[VDB Entry, Vendor Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/136149

Scores

CVSS v3 7.0

EPSS 0.0004

EPSS Percentile 10.4%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-522

Status published

Affected Products (4)

ibm/cognos_business_intelligence

Timeline

Published Apr 23, 2018

Tracked Since Feb 18, 2026