What is CVE-2012-4858?

CVE-2012-4858 is a vulnerability in Ibm Cognos_business_intelligence, classified under Improper Input Validation. Published 2013-03-05.

Is CVE-2012-4858 known to be exploited?

6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Ibm Cognos_business_intelligence

CVE-2012-4858

IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 does not properly validate Java serialized input, which allows remote attackers to execute arbitrary commands via unspecified v…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.020 (84.0th percentile) — read the EPSS interpretation.

Affected products

Ibm Cognos_business_intelligence — versions 8.4.1, 10.1, 10.1.1
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

References

psirt@us.ibm.com (x_refsource_CONFIRM)
cognost-bi-java-com-execution(79801) (vdb-entry, x_refsource_XF)
psirt@us.ibm.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2012-4858?: CVE-2012-4858 is a vulnerability in Ibm Cognos_business_intelligence, classified under Improper Input Validation. Published 2013-03-05.
Is CVE-2012-4858 known to be exploited?: 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.