CVE-2019-4723

7.5 HIGH

📋 TL;DR

IBM Cognos Analytics 11.0 and 11.1 have a vulnerability where the New Data Server Connection page incorrectly enables autocomplete for credential fields. This allows a remote attacker to potentially extract saved credentials from a user's browser. Organizations using affected versions of IBM Cognos Analytics are at risk.

💻 Affected Systems

Products:
  • IBM Cognos Analytics
Versions: 11.0 and 11.1
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the New Data Server Connection page specifically. Requires user interaction with that page.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers steal administrative credentials, gain full access to Cognos Analytics, and potentially compromise connected data sources.

🟠 Likely Case

Attackers harvest user credentials through phishing or compromised sessions, leading to unauthorized access to business intelligence data.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to the Cognos Analytics environment only.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires tricking authenticated users into visiting a malicious page or using the vulnerable page. No authentication bypass needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply security patch from IBM (see advisory)

Vendor Advisory: https://www.ibm.com/support/pages/node/6451705

Restart Required: Yes

Instructions:

1. Download the security patch from IBM Fix Central.
2. Apply the patch according to IBM documentation.
3. Restart Cognos Analytics services.

🔧 Temporary Workarounds

Disable autocomplete manually (applies to: all)

Manually add autocomplete='off' to the credential input fields on the New Data Server Connection page by editing the relevant JSP/HTML files.

🧯 If You Can't Patch

  • Restrict access to the New Data Server Connection page using network controls or application firewalls
  • Implement strong session management and educate users about credential security

🔍 How to Verify

Check if Vulnerable:

Inspect the New Data Server Connection page HTML for missing autocomplete='off' on credential input fields

Check Version:

Check Cognos Analytics version via administrative console or configuration files

Verify Fix Applied:

Verify the patch version is installed and check that autocomplete='off' is present on credential fields
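The following is an added example (not IBM's code) that automates the "Check if Vulnerable" and "Verify Fix Applied" steps above: it parses saved page HTML and lists credential inputs that are not covered by autocomplete='off', either on the field or on the enclosing form. The sample markup and the name fragments used to recognise credential fields are constructed assumptions, not taken from Cognos.

```python
from html.parser import HTMLParser

# Name/id fragments that mark an <input> as a credential field (assumption).
CREDENTIAL_HINTS = ("password", "passwd", "pwd", "username", "user", "credential")


class AutocompleteAudit(HTMLParser):
    """Track the enclosing <form autocomplete> value and inspect each <input>."""

    def __init__(self):
        super().__init__()
        self.form_off = []   # stack: does each open <form> set autocomplete=off?
        self.findings = []   # credential inputs a browser may offer to autofill

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "form":
            self.form_off.append(a.get("autocomplete", "").lower() == "off")
        elif tag == "input":
            name = (a.get("name") or a.get("id") or "").lower()
            is_cred = a.get("type", "").lower() == "password" or any(
                h in name for h in CREDENTIAL_HINTS)
            if not is_cred:
                return
            field_off = a.get("autocomplete", "").lower() == "off"
            in_off_form = bool(self.form_off) and self.form_off[-1]
            if not (field_off or in_off_form):
                self.findings.append(name or "<unnamed>")

    def handle_endtag(self, tag):
        if tag == "form" and self.form_off:
            self.form_off.pop()


def credential_fields_without_autocomplete_off(html):
    """Return names of credential inputs not covered by autocomplete='off'."""
    p = AutocompleteAudit()
    p.feed(html)
    return p.findings


# Constructed sample markup: the first form mimics the unpatched page, the second the fix.
VULNERABLE_FORM = """<form action="/connections"><input name="serverName">
<input name="userName"><input type="password" name="password"></form>"""
FIXED_FORM = """<form action="/connections"><input name="serverName">
<input name="userName" autocomplete="off">
<input type="password" name="password" autocomplete="off"></form>"""

if __name__ == "__main__":
    print(credential_fields_without_autocomplete_off(VULNERABLE_FORM))  # ['username', 'password']
```

Current mainstream browsers ignore autocomplete='off' on password fields and may still offer to save them, so treat the attribute as hardening and confirm the behaviour in the browsers your users actually run.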

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to the New Data Server Connection page
  • Multiple failed login attempts from new locations

Network Indicators:

  • Traffic to the vulnerable page from unexpected sources

SIEM Query:

source='cognos' AND (url CONTAINS 'newDataServerConnection' OR event='authentication_failure')
