Family: CGI abuses --> Category: infos
Cognos Powerplay WE Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks for the ppdscgi.exe CGI
Detailed Explanation for this Vulnerability Test
The CGI script ppdscgi.exe, part of the PowerPlay
Web Edition package, is installed.
Due to design problems as well as some
potential web server misconfiguration
PowerPlay Web Edition may serve up data
cubes in a non-secure manner. Execution
of the PowerPlay CGI pulls cube data into
files in an unprotected temporary directory.
Those files are then fed back to frames in
the browser. In some cases it is trivial for an
unauthenticated user to tap into those data
files before they are purged.
Solution : Cognos doesn't consider this
problem as being an issue, so they
do not provide any solution.
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.