CVE-2013-3030
CVE-2013-3030 is a medium-severity vulnerability in Ibm Cognos Business Intelligence with a CVSS 2.0 base score of 5.0. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-20.
Key facts
- Severity: Medium (CVSS 2.0 base score 5.0)
- EPSS exploit prediction: 2% (81st percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-20
- Affected product: Ibm Cognos Business Intelligence
- Published:
- Last modified:
Description
The servlet gateway in IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote attackers to cause a denial of service (temporary gateway outage) via crafted HTTP requests.
Frequently asked questions
- What is CVE-2013-3030?
- The servlet gateway in IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote attackers to cause a denial of service (temporary gateway outage) via crafted HTTP requests.
- How severe is CVE-2013-3030?
- CVE-2013-3030 has a CVSS 2.0 base score of 5.0, rated medium severity.
- Is CVE-2013-3030 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (81st percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2013-3030?
- CVE-2013-3030 primarily affects Ibm Cognos Business Intelligence. In total, 6 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2013-3030?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2013-3030 published?
- CVE-2013-3030 was published on 2013-11-18 and last updated on 2026-06-16.
References
- http://www-01.ibm.com/support/docview.wss?uid=swg21652590
- https://exchange.xforce.ibmcloud.com/vulnerabilities/84592
Affected products (6)
- cpe:2.3:a:ibm:cognos_business_intelligence:8.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:cognos_business_intelligence:10.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:cognos_business_intelligence:10.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:cognos_business_intelligence:10.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:cognos_business_intelligence:10.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:cognos_business_intelligence:10.2.1.1:*:*:*:*:*:*:*
More vulnerabilities in Ibm Cognos Business Intelligence
- CVE-2012-4858 — Critical (CVSS 9.3): IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 does…
- CVE-2018-1934 — High (CVSS 8.8): IBM Cognos Business Intelligence 10.2.2 is vulnerable to cross-site request forgery which could allow an attacker to…
- CVE-2016-8960 — High (CVSS 8.8): IBM Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to adopt the Capabilities of…
- CVE-2016-3036 — High (CVSS 7.5): IBM Cognos TM1 10.1 and 10.2 is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing…
- CVE-2017-1764 — High (CVSS 7.0): IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2, under specialized circumstances, could expose…
- CVE-2016-0254 — Medium (CVSS 6.5): IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a denial of service, caused by an XML External Entity…
All CVEs affecting Ibm Cognos Business Intelligence →
Other CWE-20 (Improper Input Validation) vulnerabilities
- CVE-2026-48316 — Critical (CVSS 10.0): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could…
- CVE-2026-48281 — Critical (CVSS 10.0): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could…
- CVE-2026-48277 — Critical (CVSS 10.0): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could…
- CVE-2026-48055 — Critical (CVSS 10.0): Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and…
- CVE-2026-34910 — Critical (CVSS 10.0): A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS…
- CVE-2026-33587 — Critical (CVSS 10.0): Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and…
Browse all CWE-20 (Improper Input Validation) vulnerabilities →