|
|
Vulnerability Assessment & Network Security Forums |
|||||||||
|
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> CGI abuses >> Cognos Powerplay WE Vulnerability Vulnerability Assessment Details
|
Cognos Powerplay WE Vulnerability |
||
|
Checks for the ppdscgi.exe CGI Detailed Explanation for this Vulnerability Assessment The CGI script ppdscgi.exe, part of the PowerPlay Web Edition package, is installed. Due to design problems as well as some potential web server misconfiguration PowerPlay Web Edition may serve up data cubes in a non-secure manner. Execution of the PowerPlay CGI pulls cube data into files in an unprotected temporary directory. Those files are then fed back to frames in the browser. In some cases it is trivial for an unauthenticated user to tap into those data files before they are purged. Solution : Cognos doesn't consider this problem as being an issue, so they do not provide any solution. Network Security Threat Level: Medium Networks Security ID: 491 Vulnerability Assessment Copyright: This script is Copyright (C) 1999 Renaud Deraison |
||
|
Workstations, Terminals |
|
||
|
No Discussions have been posted on this vulnerability. |