Vulnerability Description
IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 does not properly validate Java serialized input, which allows remote attackers to execute arbitrary commands via unspecified vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Cognos Business Intelligence | 8.4.1 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg21626697
- http://www-01.ibm.com/support/docview.wss?uid=swg24034373
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79801
- http://www-01.ibm.com/support/docview.wss?uid=swg21626697
- http://www-01.ibm.com/support/docview.wss?uid=swg24034373
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79801
FAQ
What is CVE-2012-4858?
CVE-2012-4858 is a vulnerability with a CVSS score of 9.3 (HIGH). IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 does not properly validate Java serialized input, which allows remote attackers to execu...
How severe is CVE-2012-4858?
CVE-2012-4858 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-4858?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Cognos Business Intelligence.