First published: Mon Jun 17 2019
IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. By sending an OPTIONS HTTP request, a remote attacker could exploit this vulnerability to read secret data from process memory and obtain sensitive information. IBM X-Force ID: 158878.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Cognos Controller | =10.2.0 | |
IBM Cognos Controller | =10.2.1 | |
IBM Cognos Controller | =10.3.0 | |
IBM Cognos Controller | =10.3.1 | |
IBM Cognos Controller | =10.4.0 | |
CVE-2019-4173 is a vulnerability in IBM Cognos Controller versions 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 that could allow a remote attacker to obtain sensitive information.
CVE-2019-4173 is caused by a flaw in the HTTP OPTIONS method, also known as Optionsbleed. A remote attacker can exploit it by sending an OPTIONS HTTP request to read secret data from process memory.
CVE-2019-4173 has a severity level of 6.5, which is considered medium.
CVE-2019-4173 affects IBM Cognos Controller versions 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0.
To fix CVE-2019-4173, IBM Cognos Controller users should apply the necessary patches or updates provided by IBM.