|
|
|||
| Rule General Information |
|---|
| Release Date: | 2013-03-29 | |
| Rule Name: | IBM Cognos Server Backdoor Account Vulnerability (CVE-2010-0557) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | A code execution vulnerability exists in IBM Cognos Express. The vulnerability is due to hard-coded user credentials, with manager-level permissions, installed by default in the user configuration of the bundled Tomcat server. Remote unauthenticated attackers can exploit this vulnerability by using these credentials to connect to the vulnerable server over port 19300/TCP and deploy a malicious web application on a vulnerable system. | |
| Impact: | Remote code execution | |
| Affected OS: | Windows, Others | |
| Reference: | CVE-2010-0557 SWG21419065 ZeroDayInitiative:ZDI-10-018 SecurityAdvisory:SA38457 SecurityFocusBID:38084 |
|
| Solutions |
|---|
| Update vendor's patch. |