Juniper Networks
Signature Detail

Short Name: APP:IBM:COGNOS-BACKDOOR
Severity: Critical
Recommended: Yes
Recommended Action: Drop
Category: APP
Keywords: IBM Cognos Server Backdoor Account Remote Code Execution default password
Release Date: 2010/10/13
Update Number: 1791
Supported Platforms: idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+

APP: IBM Cognos Server Backdoor Account Remote Code Execution


A code execution vulnerability exists in IBM Cognos Express. It is caused by hard-coded user credentials with manager-level permissions that are installed by default in the user configuration of the bundled Tomcat server. Remote unauthenticated attackers can exploit this vulnerability by using these credentials to connect to the vulnerable server over port 19300/TCP and deploy a malicious web application on a vulnerable system. In an attack scenario where arbitrary code is injected and executed on the target system, the behaviour of the target depends on the intent of the injected code. The injected code runs with the privileges of the Tomcat server process. On Windows systems the Tomcat process runs as SYSTEM.
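An audit for the condition described above, as an added example that is not part of the Juniper signature or of IBM's code: it parses a Tomcat user configuration file and lists every account that holds a manager role, so that unexpected built-in accounts can be removed or re-credentialed. The sample file, its account names and its passwords are constructed placeholders, and the file's location inside a Cognos Express install is an assumption the reader supplies on the command line.

```python
import sys
import xml.etree.ElementTree as ET

# Roles that grant access to Tomcat's Manager application ("manager" in older
# releases, the split manager-* roles in newer ones).
MANAGER_ROLES = {"manager", "manager-gui", "manager-script",
                 "manager-jmx", "manager-status"}

# Constructed sample input; names and passwords are placeholders, not the
# credentials shipped with any product.
SAMPLE_TOMCAT_USERS = """<tomcat-users>
  <role rolename="manager"/>
  <role rolename="reports"/>
  <user username="EXAMPLE_BUILTIN" password="EXAMPLE_PASSWORD" roles="manager"/>
  <user username="viewer" password="EXAMPLE_PASSWORD_2" roles="reports"/>
  <user name="ops" password="EXAMPLE_PASSWORD_3" roles="reports, manager-script"/>
</tomcat-users>
"""


def _local(tag):
    """Strip an XML namespace, since newer tomcat-users.xml files declare one."""
    return tag.rsplit("}", 1)[-1]


def find_manager_accounts(xml_text):
    """Return [(username, [manager roles])] for every account with a manager role."""
    root = ET.fromstring(xml_text)
    findings = []
    for element in root.iter():
        if _local(element.tag) != "user":
            continue
        # Tomcat accepts either username= or the older name= attribute.
        name = element.get("username") or element.get("name") or ""
        roles = {r.strip() for r in element.get("roles", "").split(",") if r.strip()}
        hits = sorted(roles & MANAGER_ROLES)
        if hits:
            findings.append((name, hits))
    return findings


if __name__ == "__main__":
    # Pass the path to the deployment's tomcat-users.xml; without one, the
    # constructed sample is audited instead.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as handle:
            text = handle.read()
    else:
        text = SAMPLE_TOMCAT_USERS
    for user, roles in find_manager_accounts(text):
        print(f"manager-level account: {user} roles={','.join(roles)}")
```

Any account this reports that was not created by the site's own administrators is a candidate for removal, and access to port 19300/TCP should be limited to hosts that need it.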

Extended Description

IBM Cognos Express is prone to a security-bypass vulnerability. Successful exploits may allow attackers to bypass security restrictions and execute arbitrary code with the privileges of the vulnerable application. This issue affects IBM Cognos Express 9.0.

Affected Products

  • IBM Cognos Express 9.0

References

  • BugTraq: 38084
  • CVE: CVE-2010-0557

Copyright© 1999-2010 Juniper Networks, Inc. All rights reserved.