CVE-2018-1842

IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token. IBM X-Force ID: 150902.

Published : 2018-11-09 01:29 Updated : 2019-10-09 23:39

3.3
CVSS Score More info
Score 3.3 / 10
3.3
Vendor Product Version URI
Ibm Cognos Analytics 11.0.0.0 cpe:/a:ibm:cognos_analytics:11.0.0.0
Ibm Cognos Analytics 11.0.1 cpe:/a:ibm:cognos_analytics:11.0.1
Ibm Cognos Analytics 11.0.1.0 cpe:/a:ibm:cognos_analytics:11.0.1.0
Ibm Cognos Analytics 11.0.2 cpe:/a:ibm:cognos_analytics:11.0.2
Ibm Cognos Analytics 11.0.2.0 cpe:/a:ibm:cognos_analytics:11.0.2.0
Ibm Cognos Analytics 11.0.3 cpe:/a:ibm:cognos_analytics:11.0.3
Ibm Cognos Analytics 11.0.3.0 cpe:/a:ibm:cognos_analytics:11.0.3.0
Ibm Cognos Analytics 11.0.4 cpe:/a:ibm:cognos_analytics:11.0.4
Ibm Cognos Analytics 11.0.4.0 cpe:/a:ibm:cognos_analytics:11.0.4.0
Ibm Cognos Analytics 11.0.5 cpe:/a:ibm:cognos_analytics:11.0.5
Ibm Cognos Analytics 11.0.6 cpe:/a:ibm:cognos_analytics:11.0.6
Ibm Cognos Analytics 11.0.7 cpe:/a:ibm:cognos_analytics:11.0.7
Ibm Cognos Analytics 11.0.8 cpe:/a:ibm:cognos_analytics:11.0.8
Ibm Cognos Analytics 11.0.9 cpe:/a:ibm:cognos_analytics:11.0.9
Ibm Cognos Analytics 11.0.10 cpe:/a:ibm:cognos_analytics:11.0.10
Ibm Cognos Analytics 11.0.11 cpe:/a:ibm:cognos_analytics:11.0.11
Ibm Cognos Analytics 11.0.12.0 cpe:/a:ibm:cognos_analytics:11.0.12.0
Netapp Oncommand Insight - cpe:/a:netapp:oncommand_insight:-
Ibm Cognos Analytics 11.0.10.0 cpe:/a:ibm:cognos_analytics:11.0.10.0
Ibm Cognos Analytics 11.0.11.0 cpe:/a:ibm:cognos_analytics:11.0.11.0
Ibm Cognos Analytics 11.0.12 cpe:/a:ibm:cognos_analytics:11.0.12
  1. Netapp (1) Search CVE
    1. Oncommand Insight (1) Search CVE
      1. -
  2. Ibm (1) Search CVE
    1. Cognos Analytics (20) Search CVE
      1. 11.0.0.0
      2. 11.0.1
      3. 11.0.1.0
      4. 11.0.2
      5. 11.0.2.0
      6. 11.0.3
      7. 11.0.3.0
      8. 11.0.4
      9. 11.0.4.0
      10. 11.0.5
      11. 11.0.6
      12. 11.0.7
      13. 11.0.8
      14. 11.0.9
      15. 11.0.10
      16. 11.0.11
      17. 11.0.12.0
      18. 11.0.10.0
      19. 11.0.11.0
      20. 11.0.12

CWE

ID Name Description Links
CWE-347 Improper Verification of Cryptographic Signature The software does not verify, or incorrectly verifies, the cryptographic signature for data. CVE

History of changes

Date Event
2019-10-09 23:39
2019-04-16 11:41
2018-12-12 19:21
2018-11-09 11:29
2018-11-09 01:29

New CVE