IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a users browser via incorrect autocomplete settings in New Data Server Connection page. IBM X-Force ID: 172129.
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Cognos_analytics | Ibm | 11.0.0 (including) | 11.0.0 (including) |
Cognos_analytics | Ibm | 11.1.0 (including) | 11.1.0 (including) |