CVE-2018-1842

IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token. IBM X-Force ID: 150902.

Weakness

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

Affected Software

Name	Vendor	Start Version	End Version
Cognos_analytics	Ibm	11.0.0.0 (including)	11.0.12.0 (including)

https://cwe.mitre.org/data/definitions/463.html
https://cwe.mitre.org/data/definitions/475.html

References

http://www.securitytracker.com/id/1042031
https://exchange.xforce.ibmcloud.com/vulnerabilities/150902
https://security.netapp.com/advisory/ntap-20190329-0003/
https://security.netapp.com/advisory/ntap-20190401-0003/
https://www.ibm.com/support/docview.wss?uid=ibm10738249
http://www.securitytracker.com/id/1042031
https://exchange.xforce.ibmcloud.com/vulnerabilities/150902
https://security.netapp.com/advisory/ntap-20190329-0003/
https://security.netapp.com/advisory/ntap-20190401-0003/
https://www.ibm.com/support/docview.wss?uid=ibm10738249

NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-1842
CWE	https://cwe.mitre.org/data/definitions/347.html

Improper Verification of Cryptographic Signature

Weakness

Affected Software

Related Attack Patterns

References