CyberSec.Space Logo
返回 CVE 浏览器

CVE-2012-4858

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0830%
EPSS Percentile2.99th
Published2013年3月5日
Last Modified2026年4月29日

Vulnerability Description

IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 does not properly validate Java serialized input, which allows remote attackers to execute arbitrary commands via unspecified vectors.

Affected Platforms (CPE)

📦
Ibm

Cognos Business Intelligence

= 8.4.1
📦
Ibm

Cognos Business Intelligence

= 10.1
📦
Ibm

Cognos Business Intelligence

= 10.1.1
📦
Ibm

Cognos Business Intelligence

= 10.2

References & Advisories

🔗 http://www-01.ibm.com/support/docview.wss?uid=swg21626697
🔗 http://www-01.ibm.com/support/docview.wss?uid=swg24034373
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/79801
🔗 http://www-01.ibm.com/support/docview.wss?uid=swg21626697
🔗 http://www-01.ibm.com/support/docview.wss?uid=swg24034373
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/79801

相关漏洞威胁

CVE-2010-149010.0

Unspecified vulnerability in IBM Cognos 8 Business Intelligence before 8.4.1 FP1 has unknown impact and attack vectors.

CVE-2018-19348.8

IBM Cognos Business Intelligence 10.2.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malic...

CVE-2016-89608.8

IBM Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to adopt the Capabilities of a higher-p...

CVE-2017-17647.0

IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2, under specialized circumstances, could expose plain text cred...