Title: Cognos Powerplay Web Edition Weak Temp File Name Vulnerability
Severity: LOW
Description:
Cognos Powerplay Web Edition is a commercial Business Performance Measurement and Reporting application.
Cognos Powerplay Web Edition creates data cubes in temporary directories using a predictable naming format.
Data cubes are designated as either protected or unprotected. In addition, some hosts enable access by guest accounts. The consequences of this are that if a user can access a guest account or unprotected cube then they may right click the content area and 'View Frame Info', which will display the temporary file name of the cube being accessed. Doing this repeatedly will reveal a range of temporary file names, which the attacker can use to extrapolate the naming format.
Another fairly roundabout method of determining the naming format of temporary files would be to make brute force file requests of all possible file name. Since all data cubes are given four-char names, it would be a matter of guessing all combinations before the temporary files were purged.
There may be a potential for local attackers on the host to use the predictable naming format to stage symlink attacks.
Affected Products:
- Cognos Powerplay Web Edition 4.0.0
- Cognos Powerplay Web Edition 4.1.0
- Cognos Powerplay Web Edition 5.0.01
- Cognos Powerplay Web Edition 5.21.0
- Cognos Powerplay Web Edition 6.0.0
- Cognos Powerplay Web Edition 6.5.0
References:
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
