IBM Cognos Express Server Backdoor Account Remote Code Execution

Added: 05/25/2010
CVE: CVE-2010-0557
BID: 38084
OSVDB: 62118

Background

IBM Cognos Express is an integrated business intelligence (BI) and planning solution which delivers the essential reporting, analysis, dashboard, scorecard, planning, budgeting and forecasting capabilities that midsize companies need.

Problem

The vulnerability is due to hard-coded user credentials with manager-level permissions that are installed by default in the user configuration of the Tomcat server bundled with Cognos Express, granting access to the Tomcat Manager application. Because the credentials are identical on every default installation, a remote attacker needs no legitimate account: authenticating to the Tomcat Manager on port 19300/TCP with these credentials allows an arbitrary web application (WAR) to be deployed on the vulnerable system. Code in the deployed application runs with the privileges of the Tomcat server process. On Windows systems, the Tomcat server runs as SYSTEM.

Resolution

Follow the directions in the IBM Advisory SWG21419179.

References

http://secunia.com/advisories/38457/

Limitations

Exploit works on IBM Cognos Express 9.0.

Platforms

Windows
