CVE-2021-29892
📋 TL;DR
CVE-2021-29892 is an information disclosure vulnerability in IBM Cognos Controller where HTTP Strict Transport Security (HSTS) is not properly enabled, allowing man-in-the-middle attackers to intercept sensitive data. This affects organizations using IBM Cognos Controller 11.0.0 and 11.0.1 for financial consolidation and reporting.
💻 Affected Systems
- IBM Cognos Controller
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers intercept authentication credentials, financial data, and sensitive business information transmitted between users and the Cognos Controller application.
Likely Case
Attackers capture session cookies or authentication tokens, potentially leading to unauthorized access to financial consolidation data.
If Mitigated
With proper network segmentation and monitoring, impact is limited to potential interception of non-critical data in controlled environments.
🎯 Exploit Status
Exploitation requires a man-in-the-middle position on the network path between the client and the server.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 11.0.2 or later
Vendor Advisory: https://www.ibm.com/support/pages/node/7177220
Restart Required: Yes
Instructions:
1. Download IBM Cognos Controller 11.0.2 or later from IBM Passport Advantage
2. Follow IBM installation guide for upgrading Cognos Controller
3. Restart all Cognos Controller services after installation
🔧 Temporary Workarounds
Configure HSTS Headers
Manually configure the web server to send Strict-Transport-Security headers:
For Apache: Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
For Nginx: add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
Enforce HTTPS Only
Configure the web server to redirect all HTTP traffic to HTTPS:
For Apache:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
For Nginx: return 301 https://$server_name$request_uri;
🧯 If You Can't Patch
- Deploy application behind a reverse proxy with HSTS enabled
- Implement network segmentation to isolate Cognos Controller traffic
🔍 How to Verify
Check if Vulnerable:
Use browser developer tools or curl to check whether HTTP requests are redirected to HTTPS and whether the Strict-Transport-Security header is present in responses.
Check Version:
Check the IBM Cognos Controller version in the administration console or the installation directory.
Verify Fix Applied:
Verify that the version is 11.0.2 or later and confirm that the HSTS header is present in all HTTPS responses.
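The following is an added example, not code from IBM or from the advisory, that automates the two checks above and can also be pointed at a web server configured with the HSTS and redirect workarounds. It tests what actually matters for this issue: browsers only honour Strict-Transport-Security when it arrives over HTTPS, so the HTTPS response must carry the header with a non-zero max-age, and the plain-HTTP response must be a redirect to an https:// URL rather than a page served in the clear. The minimum max-age of one year mirrors the workaround configuration; the hostname and all response samples are constructed. fetch_raw() is included for live use against your own deployment and is not exercised by the constructed samples.

```python
"""Check whether a Cognos Controller front end enforces HTTPS and sends HSTS.

Added example, not IBM's code. All response samples below are constructed.
"""
import http.client
from urllib.parse import urlparse

MIN_MAX_AGE = 31536000          # one year, the value the workaround configs use (assumption)
REDIRECT_STATUSES = {301, 302, 307, 308}


def parse_headers(raw):
    """Split a raw response (status line followed by header lines) into (status, {name: value})."""
    lines = [ln for ln in raw.strip().splitlines() if ln.strip()]
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def parse_hsts(value):
    """Parse 'max-age=31536000; includeSubDomains' into a dict of lower-cased directives."""
    directives = {}
    for token in value.split(";"):
        token = token.strip()
        if not token:
            continue
        name, _, val = token.partition("=")
        directives[name.strip().lower()] = val.strip().strip('"') if val else True
    return directives


def check_https_response(raw):
    """Return (ok, reason) for an HTTPS response: HSTS must be present with a sane max-age."""
    _, headers = parse_headers(raw)
    value = headers.get("strict-transport-security")
    if value is None:
        return False, "no Strict-Transport-Security header (vulnerable)"
    directives = parse_hsts(value)
    try:
        max_age = int(directives.get("max-age", "0"))
    except ValueError:
        return False, "malformed max-age directive"
    if max_age <= 0:
        return False, "max-age=0 disables HSTS"
    if max_age < MIN_MAX_AGE:
        return False, f"max-age {max_age} is shorter than one year"
    subs = " including subdomains" if "includesubdomains" in directives else ""
    return True, "HSTS enforced" + subs


def check_http_response(raw):
    """Return (ok, reason) for a plain-HTTP response: it must redirect to an https:// URL."""
    status, headers = parse_headers(raw)
    if status not in REDIRECT_STATUSES:
        return False, f"HTTP {status} served over plaintext instead of redirecting"
    location = headers.get("location", "")
    if not location.lower().startswith("https://"):
        return False, f"redirects to non-HTTPS location {location!r}"
    return True, f"redirects to {location}"


def fetch_raw(url, timeout=10):
    """Fetch the status line and headers of a live URL (HEAD request) in the raw format used above."""
    u = urlparse(url)
    conn_cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    conn = conn_cls(u.hostname, u.port, timeout=timeout)
    conn.request("HEAD", u.path or "/")
    resp = conn.getresponse()
    raw = f"HTTP/1.1 {resp.status} {resp.reason}\n"
    raw += "".join(f"{k}: {v}\n" for k, v in resp.getheaders())
    conn.close()
    return raw


# Constructed samples; hostname and headers are not from a real Cognos Controller install.
VULNERABLE_HTTPS = """HTTP/1.1 200 OK
Content-Type: text/html
"""
FIXED_HTTPS = """HTTP/1.1 200 OK
Content-Type: text/html
Strict-Transport-Security: max-age=31536000; includeSubDomains
"""
HTTP_GOOD_REDIRECT = """HTTP/1.1 301 Moved Permanently
Location: https://cognos.example.internal/
"""
HTTP_SERVED_PLAIN = """HTTP/1.1 200 OK
Content-Type: text/html
"""

if __name__ == "__main__":
    # Replace the samples with fetch_raw("https://<host>/") and fetch_raw("http://<host>/") for a live check.
    for label, raw, check in [("vulnerable https", VULNERABLE_HTTPS, check_https_response),
                              ("fixed https", FIXED_HTTPS, check_https_response),
                              ("http redirect", HTTP_GOOD_REDIRECT, check_http_response),
                              ("http served", HTTP_SERVED_PLAIN, check_http_response)]:
        print(f"{label}: {check(raw)}")
```

Run both checks against the same host: a deployment that redirects HTTP to HTTPS but omits the header still leaves first visits and typed-in http:// URLs interceptable, which is exactly the gap HSTS closes, so only a pass on both counts means the workaround or the 11.0.2 fix is in effect.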
📡 Detection & Monitoring
Log Indicators:
- Multiple failed HTTPS redirects
- HTTP requests to sensitive endpoints
Network Indicators:
- Unencrypted HTTP traffic to Cognos Controller ports
- SSL/TLS interception attempts
SIEM Query:
source="cognos*" AND (http_method=GET OR http_method=POST) AND NOT protocol="https"
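As an added example, not part of the original page or of any IBM tooling, the script below applies the indicators above to reverse-proxy logs that a SIEM may not yet ingest. The log format, the Cognos Controller path prefixes and every log line are constructed for the example and must be adjusted to the real deployment. It raises two kinds of finding: a sensitive path answered over plain HTTP with anything other than a redirect (HTTPS is not being enforced), and any plain-HTTP request that carried a cookie, because a session token is already on the wire by the time a redirect is issued.

```python
"""Flag plaintext-HTTP exposure of Cognos Controller traffic in reverse-proxy logs.

Added example, not IBM's or the advisory's code. The log format, the path
prefixes and every log line below are constructed for the example.
"""
import re
from collections import Counter

# Assumed log format: <ip> [<timestamp>] <scheme> "<METHOD> <path>" <status> cookie=<yes|no>
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] (?P<scheme>https?) '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)" (?P<status>\d{3}) cookie=(?P<cookie>yes|no)$'
)

# Hypothetical Cognos Controller paths worth watching; adjust to the real deployment.
SENSITIVE_PREFIXES = ("/cognos/controller", "/cognos/login")
REDIRECT_STATUSES = {301, 302, 307, 308}


def parse_line(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    entry["cookie"] = entry["cookie"] == "yes"
    return entry


def findings_for(entry):
    """Classify one parsed entry into zero or more finding types."""
    out = []
    if entry["scheme"] != "http":
        return out                      # HTTPS traffic is the expected, healthy case
    if entry["cookie"]:
        # The cookie left the client in the clear; a later redirect cannot undo that.
        out.append("cookie_over_http")
    sensitive = entry["path"].startswith(SENSITIVE_PREFIXES)
    if sensitive and entry["status"] not in REDIRECT_STATUSES:
        # A sensitive path was served over plaintext instead of redirected: HTTPS is not enforced.
        out.append("plaintext_sensitive")
    return out


def scan(lines):
    """Scan log lines; return finding lists keyed by type, a per-IP counter and an unparsed count."""
    report = {"cookie_over_http": [], "plaintext_sensitive": [], "by_ip": Counter(), "unparsed": 0}
    for line in lines:
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is None:
            report["unparsed"] += 1
            continue
        for kind in findings_for(entry):
            report[kind].append((entry["ip"], entry["method"], entry["path"]))
            report["by_ip"][entry["ip"]] += 1
    return report


# Constructed sample log; addresses, timestamps and paths are invented.
SAMPLE_LOG = """\
10.0.0.5 [12/Mar/2024:10:00:01 +0000] https "GET /cognos/controller/" 200 cookie=yes
10.0.0.7 [12/Mar/2024:10:00:02 +0000] http "GET /cognos/controller/" 200 cookie=yes
10.0.0.7 [12/Mar/2024:10:00:03 +0000] http "POST /cognos/login" 200 cookie=no
10.0.0.9 [12/Mar/2024:10:00:04 +0000] http "GET /cognos/controller/" 301 cookie=yes
10.0.0.9 [12/Mar/2024:10:00:05 +0000] http "GET /healthz" 200 cookie=no
this line is not in the expected format
"""

if __name__ == "__main__":
    r = scan(SAMPLE_LOG.splitlines())
    for kind in ("cookie_over_http", "plaintext_sensitive"):
        for ip, method, path in r[kind]:
            print(f"{kind}: {ip} {method} {path}")
    print("noisiest sources:", r["by_ip"].most_common(3), "unparsed lines:", r["unparsed"])
```

The 301 line for 10.0.0.9 shows why the two findings are kept separate: the redirect workaround is working there, yet the request still exposed a cookie, which is the "likely case" described above and the reason the HSTS header (or the 11.0.2 fix) is needed on top of the redirect.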