Session Persistence Vulnerability in IBM Cognos Mobile
CVE-2014-4810 · MEDIUM Severity
AV:N/AC:M/AU:N/C:N/I:P/A:N
IBM Cognos Mobile 10.1.1 before FP3 IF1, 10.2.0 before FP2 IF1, and 10.2.1 before FP4 IF1 preserves a session between the Cognos Mobile server and the Cognos Business Intelligence server after a logoff action on a mobile device, which makes it easier for remote attackers to bypass intended Business Intelligence restrictions by leveraging access to authentication data that was captured before this logoff.
Learn more about our Cis Benchmark Audit For Server Software.