CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
AI Score
Confidence
Low
EPSS
Percentile
15.6%
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided data. This could lead to further attacks against the system. IBM X-Force ID: 282956.
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | cognos_analytics | 11.2.0 | cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:* |
ibm | cognos_analytics | 11.2.1 | cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:* |
ibm | cognos_analytics | 11.2.2 | cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:* |
ibm | cognos_analytics | 11.2.3 | cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:* |
ibm | cognos_analytics | 11.2.4 | cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:* |
ibm | cognos_analytics | 12.0.0 | cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:* |
ibm | cognos_analytics | 12.0.1 | cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:* |
ibm | cognos_analytics | 12.0.2 | cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:* |
[
{
"defaultStatus": "unaffected",
"product": "Cognos Analytics",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2"
}
]
}
]