IBM Cognos Express Server Backdoor Account Remote Code Execution

Added: 05/25/2010
CVE: CVE-2010-0557
BID: 38084
OSVDB: 62118


IBM Cognos Express is an integrated business intelligence (BI) and planning solution which delivers the essential reporting, analysis, dashboard, scorecard, planning, budgeting and forecasting capabilities that midsize companies need.


The vulnerability is due to hard-coded user credentials, with manager-level permissions, installed by default in the user configuration of the bundled Tomcat Manager server. Remote unauthenticated attackers can exploit this vulnerability by using these credentials to connect to the vulnerable server on port 19300/TCP and deploy a malicious web application on a vulnerable system. Injected code will run with the privileges of the Tomcat server process. On Windows systems, the Tomcat server runs as SYSTEM.


Follow the directions in the IBM Advisory SWG21419179.
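
To confirm which accounts in a Tomcat user configuration still hold manager-level permissions, an administrator can audit the file directly. The script below is an added example, not code from this advisory or from IBM; it assumes the bundled server uses the standard tomcat-users.xml format, and the sample entries and account names are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Role names the Tomcat Manager application accepts: "manager" (Tomcat 5.5/6)
# and the split manager-* roles (Tomcat 7 and later).
MANAGER_ROLES = {"manager", "manager-gui", "manager-script",
                 "manager-jmx", "manager-status"}

# Constructed sample; the usernames and passwords are placeholders, not the
# credentials shipped with any product.
SAMPLE_TOMCAT_USERS = """<?xml version="1.0"?>
<tomcat-users>
  <role rolename="manager"/>
  <user username="example_deployer" password="CHANGE_ME" roles="manager, reports"/>
  <user name="example_viewer" password="CHANGE_ME" roles="reports"/>
  <user username="example_ops" password="CHANGE_ME" roles="manager-script,manager-gui"/>
</tomcat-users>
"""


def local_name(tag):
    """Drop an XML namespace prefix such as {http://tomcat.apache.org/xml}."""
    return tag.rsplit("}", 1)[-1]


def manager_accounts(xml_data):
    """Return [(username, sorted manager roles)] for accounts that can use Tomcat Manager."""
    findings = []
    for elem in ET.fromstring(xml_data).iter():
        if local_name(elem.tag) != "user":
            continue
        # Tomcat accepts "username" and, in older files, "name".
        user = elem.get("username") or elem.get("name") or "<unnamed>"
        roles = {r.strip() for r in elem.get("roles", "").split(",") if r.strip()}
        hits = sorted(roles & MANAGER_ROLES)
        if hits:
            findings.append((user, hits))
    return findings


if __name__ == "__main__":
    import sys
    # Pass the path to a tomcat-users.xml; with no argument the sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_TOMCAT_USERS
    for user, roles in manager_accounts(data):
        print(f"manager-level account: {user} roles={','.join(roles)}")
```

Any account reported here that was not created deliberately by the administrator should be reviewed against the vendor advisory.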



The exploit works on IBM Cognos Express 9.0.


