Lucene search
IbmCVE-2022-34339HistoryNov 03, 2022 - 8:15 p.m.
CVE-2022-34339
2022-11-0320:15:28
CWE-312
ibm
web.nvd.nist.gov
41
6
ibm
cognos analytics
user credentials
plain clear text
security vulnerability
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
6
Confidence
High
EPSS
0.001
Percentile
25.4%
“IBM Cognos Analytics 11.2.1, 11.2.0, 11.1.7 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 229963.”
Affected configurations
Node
ibmcognos_analyticsRange11.1.0–11.1.7
ORibmcognos_analyticsMatch11.1.7-
ORibmcognos_analyticsMatch11.1.7fixpack1
ORibmcognos_analyticsMatch11.1.7fixpack2
ORibmcognos_analyticsMatch11.1.7fixpack3
ORibmcognos_analyticsMatch11.1.7fixpack4
ORibmcognos_analyticsMatch11.2.0
ORibmcognos_analyticsMatch11.2.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | cognos_analytics | * | cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:* |
| ibm | cognos_analytics | 11.1.7 | cpe:2.3:a:ibm:cognos_analytics:11.1.7:-:*:*:*:*:*:* |
| ibm | cognos_analytics | 11.1.7 | cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack1:*:*:*:*:*:* |
| ibm | cognos_analytics | 11.1.7 | cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack2:*:*:*:*:*:* |
| ibm | cognos_analytics | 11.1.7 | cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack3:*:*:*:*:*:* |
| ibm | cognos_analytics | 11.1.7 | cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack4:*:*:*:*:*:* |
| ibm | cognos_analytics | 11.2.0 | cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:* |
| ibm | cognos_analytics | 11.2.1 | cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "n/a",
"product": "IBM Cognos Analytics ",
"versions": [
{
"version": "\"11.2.1, 11.2.0, 11.1.7\"",
"status": "affected"
}
]
}
]References
Social References
More
Related
cvelist
cvelist
CVE-2022-34339
2022-11-03 00:00:00
prion
prion
Code injection
2022-11-03 20:15:00
nvd
nvd
CVE-2022-34339
2022-11-03 20:15:28
cnvd
cnvd
IBM Cognos Analytics Information Disclosure Vulnerability (CNVD-2022-77510)
2022-11-06 00:00:00
nessus
nessus
IBM Cognos Analytics Multiple Vulnerabilities (6828527)
2022-10-27 00:00:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
6
Confidence
High
EPSS
0.001
Percentile
25.4%
Related for CVE-2022-34339