Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: infos

Cognos Powerplay WE Vulnerability Vulnerability Scan

Vulnerability Scan Summary
Checks for the ppdscgi.exe CGI

Detailed Explanation for this Vulnerability Test

The CGI script ppdscgi.exe, part of the PowerPlay
Web Edition package, is installed.

Due to design problems as well as some
potential web server misconfiguration
PowerPlay Web Edition may serve up data
cubes in a non-secure manner. Execution
of the PowerPlay CGI pulls cube data into
files in an unprotected temporary directory.
Those files are then fed back to frames in
the browser. In some cases it is trivial for an
unauthenticated user to tap into those data
files before they are purged.

Solution : Cognos doesn't consider this
problem as being an issue, so they
do not provide any solution.

Threat Level: Medium

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.