VYPR
Low severity 3.3 · NVD Advisory · Published Jun 7, 2017 · Updated May 13, 2026

CVE-2017-1125

Description

IBM Cognos Analytics 10.1 and 10.2 allow local users to confirm file existence and expose partial file contents via a crafted URL.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

IBM Cognos Analytics 10.1 and 10.2 allow local users to confirm file existence and expose partial file contents via a crafted URL.

Vulnerability

IBM Cognos Analytics versions 10.1 and 10.2 contain a vulnerability that allows a local user to craft a URL that confirms the existence of a file and exposes its partial contents. The issue is identified by IBM X-Force ID 121340 [1].

Exploitation

An attacker with local access to the system can craft a specially constructed URL. No authentication is required beyond local user privileges. The attacker then submits the crafted URL, and the response reveals whether a target file exists and discloses its partial contents [1].

Impact

Successful exploitation results in low confidentiality impact, as the attacker can confirm file existence and read partial contents of files. There is no integrity or availability impact. The CVSS v3 base score is 3.3, reflecting the limited scope [1].

Mitigation

IBM released a security update in the 2017Q2 Security Updater for IBM Cognos Business Intelligence Server. Users should apply the update to remediate this vulnerability [1]. No known workarounds are documented.

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

7
  • cpe:2.3:a:ibm:cognos_business_intelligence_server:10.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:cognos_business_intelligence_server:10.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:cognos_business_intelligence_server:10.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:cognos_business_intelligence_server:10.2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:cognos_business_intelligence_server:10.2.2:*:*:*:*:*:*:*
  • (no CPE) range: 10.1.1
  • Range: =10.1 and 10.2

Patches

0

No patches discovered yet.

References

3
