IBM Cognos Express Server Backdoor Account Remote Code Execution
Added: 05/25/2010
CVE: CVE-2010-0557
BID: 38084
OSVDB: 62118
Background
IBM Cognos Express is an integrated business intelligence (BI) and planning solution which delivers the essential reporting, analysis, dashboard, scorecard, planning, budgeting and forecasting capabilities that midsize companies need.
Problem
The vulnerability is due to hard-coded user credentials, with manager-level permissions, installed by default in the user configuration of the bundled Tomcat Manager server. Remote unauthenticated attackers can exploit this vulnerability by using these credentials to connect to the vulnerable server on port 19300/TCP and deploy a malicious web application on a vulnerable system. Injected code will run with the privileges of the Tomcat server process. On Windows systems, the Tomcat server runs as SYSTEM.
Resolution
Follow the directions in the IBM Advisory SWG21419179.
References
http://secunia.com/advisories/38457/
Limitations
Exploit works on IBM Cognos Express 9.0.
Platforms
Windows
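
An added example, not part of the original advisory or of IBM's guidance: a Python check that lists the accounts in a Tomcat `tomcat-users.xml` file holding Manager-level roles, which is the condition described under Problem. The sample file, its account names and passwords, and the `approved_admins` allowlist are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Tomcat role names that grant access to the Manager / Host Manager applications.
PRIVILEGED_ROLES = {"manager", "manager-gui", "manager-script", "manager-jmx",
                    "manager-status", "admin", "admin-gui", "admin-script"}

# Constructed sample of a tomcat-users.xml file. Names and passwords are
# placeholders, not the credentials shipped with any product.
SAMPLE_TOMCAT_USERS = """<tomcat-users>
  <role rolename="manager"/>
  <role rolename="reports"/>
  <user username="EXAMPLE_VENDOR_ACCOUNT" password="EXAMPLE_PASSWORD" roles="manager"/>
  <user username="ops-admin" password="EXAMPLE_PASSWORD_2" roles="reports, manager-gui"/>
  <user username="viewer" password="EXAMPLE_PASSWORD_3" roles="reports"/>
</tomcat-users>
"""

def _local(tag):
    """Strip an XML namespace prefix, if the file declares one."""
    return tag.rsplit("}", 1)[-1]

def audit_tomcat_users(xml_text, approved_admins=()):
    """Return one finding per account that holds a Manager-level role.

    approved_admins is the operator's own list of accounts expected to hold
    such roles (an assumption of this example); anything else is unexpected.
    """
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        if _local(elem.tag) != "user":
            continue
        # Tomcat accepts either username= or name= for the account name.
        name = elem.get("username") or elem.get("name") or ""
        roles = {r.strip() for r in elem.get("roles", "").split(",") if r.strip()}
        privileged = sorted(roles & PRIVILEGED_ROLES)
        if privileged:
            findings.append({"user": name, "roles": privileged,
                             "unexpected": name not in approved_admins})
    return findings

if __name__ == "__main__":
    for f in audit_tomcat_users(SAMPLE_TOMCAT_USERS, approved_admins={"ops-admin"}):
        status = "UNEXPECTED" if f["unexpected"] else "approved"
        print(f"{f['user']}: {', '.join(f['roles'])} [{status}]")
```

Run it against the user configuration of each bundled Tomcat instance and review every account it reports as unexpected.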