VULHUB ™

Cognos Powerplay Web Edition is a commercial Business Performance Measurement and Reporting application. Cognos Powerplay Web Edition creates data cubes in temporary directories using a predictable naming format. If a user can access a guest account or unprotected cube then they may right click the content area and 'View Frame Info', which will display the temporary file name of the cube being accessed. Doing this repeatedly will reveal a range of temporary file names, which the attacker can use to extrapolate the naming format. The remote attacker may also try to brute force all possible file names to determine the naming convention of data cubes.

Cognos Powerplay Web Edition is a commercial Business Performance Measurement and Reporting application. Cognos Powerplay Web Edition creates data cubes in temporary directories using a predictable naming format. If a user can access a guest account or unprotected cube then they may right click the content area and 'View Frame Info', which will display the temporary file name of the cube being accessed. Doing this repeatedly will reveal a range of temporary file names, which the attacker can use to extrapolate the naming format. The remote attacker may also try to brute force all possible file names to determine the naming convention of data cubes.