Session Persistence Vulnerability in IBM Cognos Mobile

Session Persistence Vulnerability in IBM Cognos Mobile

CVE-2014-4810 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

IBM Cognos Mobile 10.1.1 before FP3 IF1, 10.2.0 before FP2 IF1, and 10.2.1 before FP4 IF1 preserves a session between the Cognos Mobile server and the Cognos Business Intelligence server after a logoff action on a mobile device, which makes it easier for remote attackers to bypass intended Business Intelligence restrictions by leveraging access to authentication data that was captured before this logoff.

Learn more about our Cis Benchmark Audit For Server Software.