ByteOS Network

NVD Vulnerability Details :

CVE-2014-4810

Deferred

Source-psirt@us.ibm.com

Published At-05 Nov, 2014 | 11:55

Updated At-12 Apr, 2025 | 10:46

IBM Cognos Mobile 10.1.1 before FP3 IF1, 10.2.0 before FP2 IF1, and 10.2.1 before FP4 IF1 preserves a session between the Cognos Mobile server and the Cognos Business Intelligence server after a logoff action on a mobile device, which makes it easier for remote attackers to bypass intended Business Intelligence restrictions by leveraging access to authentication data that was captured before this logoff.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N

CPE Matches

IBM Corporation

>>cognos_mobile>>10.1.1

cpe:2.3:a:ibm:cognos_mobile:10.1.1:*:*:*:*:*:*:*

IBM Corporation

>>cognos_mobile>>10.2.0

cpe:2.3:a:ibm:cognos_mobile:10.2.0:*:*:*:*:*:*:*

IBM Corporation

>>cognos_mobile>>10.2.1

cpe:2.3:a:ibm:cognos_mobile:10.2.1:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-264	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21684608	psirt@us.ibm.com	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/95386	psirt@us.ibm.com	N/A
http://www-01.ibm.com/support/docview.wss?uid=swg21684608	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/95386	af854a3a-2127-422b-91ae-364da2661108	N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History