Path Traversal in Ibm Cognos_business_intelligence

CVE-2013-2988

Absolute path traversal vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated users to read files by leveraging the Report Author privilege, a different vulne…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.002 (40.9th percentile) — read the EPSS interpretation.

Affected products

Ibm Cognos_business_intelligence — versions 8.4.1, 10.1, 10.1.1
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

References

psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)
cognosbi-cve20132988-reportauthor-bypass(84010) (vdb-entry, x_refsource_XF)