IBM Cognos Analytics 11.1.7 Interim Fix 3

CPE Details

IBM Cognos Analytics 11.1.7 Interim Fix 3
11.1.7
2023-08-22
15h15 +00:00
2023-08-25
05h43 +00:00

CPE Name: cpe:2.3:a:ibm:cognos_analytics:11.1.7:interimfix3:*:*:*:*:*:*

Information

Vendor

ibm

Product

cognos_analytics

Version

11.1.7

Update

interimfix3

Related CVE

| CVE ID | Published | Description | Score | Severity |
| --- | --- | --- | --- | --- |
| CVE-2023-35011 | 2023-08-16 22h46 +00:00 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 257705. | 5.4 | Medium |
| CVE-2023-35009 | 2023-08-16 22h44 +00:00 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a remote attacker to obtain system information without authentication which could be used in reconnaissance to gather information that could be used for future attacks. IBM X-Force ID: 257703. | 5.3 | Medium |
| CVE-2022-43883 | 2022-12-19 20h47 +00:00 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 240266. | 7.5 | High |
| CVE-2022-38708 | 2022-12-19 20h12 +00:00 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery Attack (SSRF) attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 234180. | 9.1 | Critical |
| CVE-2021-29745 | 2021-10-15 15h55 +00:00 | IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to privilege escalation where a lower level user could have access to the 'New Job' page to which they should not have access. IBM X-Force ID: 201695. | 8.8 | High |
| CVE-2021-29679 | 2021-10-15 15h55 +00:00 | IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizing user-controlled input that could be interpreted as a server-side include (SSI) directive. IBM X-Force ID: 199915. | 8.8 | High |
| CVE-2020-4951 | 2021-10-15 15h55 +00:00 | IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information. | 3.3 | Low |
| CVE-2020-4388 | 2020-10-12 13h20 +00:00 | IBM Cognos Analytics 11.0 and 11.1 could be vulnerable to a denial of service attack by failing to catch exceptions in a servlet also exposing debug information could also be used in future attacks. IBM X-Force ID: 179270. | 8.2 | High |
| CVE-2020-4302 | 2020-10-12 13h20 +00:00 | IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. By persuading a victim to open a specially-crafted excel file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176610. | 7.8 | High |