漏洞描述
IBM Cognos Express是美国IBM公司的一套为满足中型企业的需求而构建的集成商业智能(BI)和计划解决方案。该方案提供报表、分析、仪表盘、记分卡、规划、预算和预测等功能。 IBM Cognos Express中的Tomcat Manager组件使用了硬编码的凭据,远程用户可以通过这个凭据获得对组件的非授权访问并执行拒绝服务攻击。
IBM Cognos Express硬编码凭据绕过安全限制漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2025-68613: n8n - Remote Code Execution via Expression Injection
- POC CVE-2019-10758: mongo-express Remote Code Execution
- POC CVE-2019-16469: Adobe Experience Manager - Expression Language Injection
- POC CVE-2020-24391: Mongo-Express - Remote Code Execution
- POC CVE-2021-32820: Express-handlebars - Local File Inclusion
- POC CVE-2022-24627: AudioCodes Device Manager Express - SQL Injection
- POC CVE-2024-2876: Wordpress Email Subscribers by Icegram Express - SQL Injection
- POC CVE-2024-36401: GeoServer RCE in Evaluating Property Name Expressions
- POC CVE-2024-4295: Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via Hash
- POC CVE-2019-10758: Mongo-Express Remote Code Execution
- POC spring-expression-oob: Spring Expression Language - Out of Band Template Injection
- POC aliexpress-acs-csp-bypass: Content-Security-Policy Bypass - AliExpress ACS
- POC express-stack-trace: Express Stack Trace