VYPR
Unrated severity · NVD Advisory · Published Nov 5, 2014 · Updated Jun 17, 2026

CVE-2014-4810

Description

IBM Cognos Mobile 10.1.1 before FP3 IF1, 10.2.0 before FP2 IF1, and 10.2.1 before FP4 IF1 preserves a session between the Cognos Mobile server and the Cognos Business Intelligence server after a logoff action on a mobile device, which makes it easier for remote attackers to bypass intended Business Intelligence restrictions by leveraging access to authentication data that was captured before this logoff.

Affected products

  • IBM/Cognos Mobile (4 versions)
    • cpe:2.3:a:ibm:cognos_mobile:10.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:cognos_mobile:10.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:cognos_mobile:10.2.1:*:*:*:*:*:*:*
    • (no CPE) range: 10.1.1 < FP3 IF1, 10.2.0 < FP2 IF1, 10.2.1 < FP4 IF1
