Description
IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. By sending an OPTIONS HTTP request, a remote attacker could exploit this vulnerability to read secret data from process memory and obtain sensitive information. IBM X-Force ID: 158878.
CVSS breakdown
CVSS 3.0
Availability
None
User Interaction
None
Privileges Required
Low
Integrity
None
Scope
Unchanged
Attack Complexity
Low
Confidentiality
High
Attack Vector
Network
RC
Changed
E
Unchanged
RL
O
Affected products
- ibm / cognos_controller10.2.1 – 10.2.1
- ibm / cognos_controller10.2.0 – 10.2.0
- ibm / cognos_controller10.3.1 – 10.3.1
- ibm / cognos_controller10.3.0 – 10.3.0
- ibm / cognos_controller10.4.0 – 10.4.0