What is the severity of CVE-2016-0381?

CVE-2016-0381 is classified as a medium severity vulnerability that can lead to a denial of service.

How do I fix CVE-2016-0381?

To fix CVE-2016-0381, update IBM Cognos TM1 to version 10.2.2 FP5 or later, ensuring the AdminGroups setting is properly configured.

Who is affected by CVE-2016-0381?

CVE-2016-0381 affects IBM Cognos TM1 versions earlier than FP5 where the AdminGroups setting is left empty.

What type of attack does CVE-2016-0381 allow?

CVE-2016-0381 allows authenticated remote users to cause a denial of service due to misconfiguration.

Can I still use IBM Cognos TM1 if CVE-2016-0381 is present?

While you can technically continue using IBM Cognos TM1 with CVE-2016-0381, it poses a risk of configuration outage and is not recommended.

Vulnerability/
CVE-2016-0381

medium

4.3

CWE

15/5/2016

5/8/2024

CVE-2016-0381: Input Validation

First published: Sun May 15 2016(Updated: )

IBM Cognos TM1 10.2.2 before FP5, when the host/pmhub/pm/admin AdminGroups setting is empty, allows remote authenticated users to cause a denial of service (configuration outage) via a non-empty value.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Cognos TM1	<=10.2.2

Remedy

http://www-01.ibm.com/support/docview.wss?uid=swg21981936

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-0381?
CVE-2016-0381 is classified as a medium severity vulnerability that can lead to a denial of service.
How do I fix CVE-2016-0381?
To fix CVE-2016-0381, update IBM Cognos TM1 to version 10.2.2 FP5 or later, ensuring the AdminGroups setting is properly configured.
Who is affected by CVE-2016-0381?
CVE-2016-0381 affects IBM Cognos TM1 versions earlier than FP5 where the AdminGroups setting is left empty.
What type of attack does CVE-2016-0381 allow?
CVE-2016-0381 allows authenticated remote users to cause a denial of service due to misconfiguration.
Can I still use IBM Cognos TM1 if CVE-2016-0381 is present?
While you can technically continue using IBM Cognos TM1 with CVE-2016-0381, it poses a risk of configuration outage and is not recommended.

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/remedy
agent/author
agent/weakness
agent/severity
agent/last-modified-date
agent/tags
agent/description
agent/event
agent/first-publish-date
agent/source
vendor/ibm
canonical/ibm cognos tm1
version/ibm cognos tm1/10.2.2

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2016-0381?
CVE-2016-0381 is classified as a medium severity vulnerability that can lead to a denial of service.
How do I fix CVE-2016-0381?
To fix CVE-2016-0381, update IBM Cognos TM1 to version 10.2.2 FP5 or later, ensuring the AdminGroups setting is properly configured.
Who is affected by CVE-2016-0381?
CVE-2016-0381 affects IBM Cognos TM1 versions earlier than FP5 where the AdminGroups setting is left empty.
What type of attack does CVE-2016-0381 allow?
CVE-2016-0381 allows authenticated remote users to cause a denial of service due to misconfiguration.
Can I still use IBM Cognos TM1 if CVE-2016-0381 is present?
While you can technically continue using IBM Cognos TM1 with CVE-2016-0381, it poses a risk of configuration outage and is not recommended.