What is CVE-2012-0202?

CVE-2012-0202 is a vulnerability in Ibm Cognos_tm1, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2012-05-04.

Is CVE-2012-0202 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Ibm Cognos_tm1

CVE-2012-0202

Multiple stack-based buffer overflows in tm1admsd.exe in the Admin Server in IBM Cognos TM1 9.4.x and 9.5.x before 9.5.2 FP2 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted…

Vulnerability class: Buffer Overflow

EPSS: 0.790 (99.1th percentile) — read the EPSS interpretation.

Affected products

Ibm Cognos_tm1 — versions 9.4.1, 9.4.1.3, 9.5.1
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

rapid7/metasploit-framework

References

cognos-tm1admsd-bo(73182) (vdb-entry, x_refsource_XF)
psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)
psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)
psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)
psirt@us.ibm.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2012-0202?: CVE-2012-0202 is a vulnerability in Ibm Cognos_tm1, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2012-05-04.
Is CVE-2012-0202 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.