Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.IBM_COGNOS_7012621.NASL
HistoryJul 26, 2023 - 12:00 a.m.

IBM Cognos Analytics Multiple Vulnerabilities (7012621)

2023-07-2600:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
42
ibm cognos analytics
multiple vulnerabilities
denial of service
stored cross-site scripting
prototype pollution flaw
specially crafted input
stack exhaustion
remote attacker
victim's web browser security context
nessus scanner
version number

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.6%

JSON

The version of IBM Cognos Analytics installed on the remote host is 11.1.x prior to 11.1.7 Fix Pack 7 or 11.2.x prior to 11.2.4 FP2. It is, therefore, affected by multiple vulnerabilities, including the following:

  • netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. By sending a specially crafted input, a remote attacker could exploit this vulnerability to cause a stack exhaustion and crash the software. (CVE-2023-1370)

  • Express.js Express is vulnerable to a denial of service, caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a proto or constructor payload, a remote attacker could exploit this vulnerability to cause a denial of service condition. (CVE-2022-24999)

  • IBM Cognos Analytics is vulnerable to stored cross-site scripting, caused by improper validation of SVG Files in Custom Visualizations. A remote attacker could exploit this vulnerability to execute scripts in a victim’s Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials. (CVE-2023-28530)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(178850);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/25");

  script_cve_id(
    "CVE-2023-1370",
    "CVE-2022-24999",
    "CVE-2023-25929",
    "CVE-2023-28530"
  );
  script_xref(name:"IAVB", value:"2023-B-0055-S");

  script_name(english:"IBM Cognos Analytics Multiple Vulnerabilities (7012621)");

  script_set_attribute(attribute:"synopsis", value:
"The remote web application is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of IBM Cognos Analytics installed on the remote host is 11.1.x prior to 11.1.7 Fix Pack 7 or 11.2.x 
prior to 11.2.4 FP2. It is, therefore, affected by multiple vulnerabilities, including the following:

  - netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays
  or objects. By sending a specially crafted input, a remote attacker could exploit this vulnerability to
  cause a stack exhaustion and crash the software. (CVE-2023-1370)

  - Express.js Express is vulnerable to a denial of service, caused by a prototype pollution flaw in qs. By
  adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote
  attacker could exploit this vulnerability to cause a denial of service condition. (CVE-2022-24999)

  - IBM Cognos Analytics is vulnerable to stored cross-site scripting, caused by improper validation of SVG
  Files in Custom Visualizations. A remote attacker could exploit this vulnerability to execute scripts in a
  victim's Web browser within the security context of the hosting Web site. An attacker could use this
  vulnerability to steal the victim's cookie-based authentication credentials. (CVE-2023-28530)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.ibm.com/support/pages/node/7012621");
  script_set_attribute(attribute:"solution", value:
"Upgrade to IBM Cognos Analytics 11.1.7 FP7, 11.2.4 FP2, or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-28530");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/07/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/07/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/07/26");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:cognos_analytics");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ibm_cognos_analytics_web_detect.nbin");
  script_require_keys("installed_sw/IBM Cognos Analytics");

  exit(0);
}

include('vcf.inc');
include('http.inc');

var app = 'IBM Cognos Analytics';

var port = get_http_port(default:443);

var app_info = vcf::get_app_info(app:app, port:port, webapp:TRUE);


var constraints = [
  { 'min_version':'11.1', 'max_version':'11.1.6', 'fixed_display':'11.1.7 FP7' },
# Remote detection cannot determine fix pack
  { 'equal':'11.1.7', 'fixed_display':'11.1.7 FP7', 'require_paranoia':TRUE },
  { 'min_version':'11.2', 'fixed_version':'11.2.3', 'fixed_display':'11.2.4 FP2'},
# Remote detection cannot determine fix pack
  { 'equal':'11.2.4', 'fixed_display':'11.2.4 FP2', 'require_paranoia':TRUE }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING, flags:{'xss':TRUE});
VendorProductVersionCPE
ibmcognos_analyticscpe:/a:ibm:cognos_analytics

Related

ibm 53
cve 4
prion 4
cnvd 1
nvd 4
cvelist 4
osv 10
githubexploit 1
ubuntucve 2
openvas 4
mageia 1
nessus 26
veracode 2
redhatcve 2
debiancve 2
github 3
debian 2
atlassian 2
redhat 26
cgr 1
ubuntu 1
almalinux 1
oraclelinux 1
rocky 1
oracle 5
ibm
ibm
Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities (CVE-2023-28530, XFID: 212233, CVE-2022-24999, CVE-2023-28530, CVE-2023-25929)
2023-07-19 20:13:55
Security Bulletin: IBM Event Streams is affected by a vulnerability in Express.js Express (CVE-2022-24999)
2023-03-29 09:46:06
Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerability CVE-2022-24999
2023-03-27 17:26:39
cve
cve
CVE-2023-28530
2023-07-22 02:15:47
CVE-2023-25929
2023-07-22 02:15:47
CVE-2022-24999
2022-11-26 22:15:10
prion
prion
Cross site scripting
2023-07-22 02:15:00
Cross site scripting
2023-07-22 02:15:00
Design/Logic Flaw
2022-11-26 22:15:00
cnvd
cnvd
IBM Cognos Analytics Cross-Site Scripting Vulnerability (CNVD-2023-68782)
2023-07-27 00:00:00
nvd
nvd
CVE-2023-28530
2023-07-22 02:15:47
CVE-2023-25929
2023-07-22 02:15:47
CVE-2022-24999
2022-11-26 22:15:10
cvelist
cvelist
CVE-2023-28530 IBM Cognos Analytics cross-site scripting
2023-07-22 01:47:06
CVE-2023-25929 IBM Cognos Analytics cross-site scripting
2023-07-22 01:45:13
CVE-2022-24999
2022-11-26 00:00:00
osv
osv
node-qs - security update
2023-01-30 00:00:00
qs vulnerable to Prototype Pollution
2022-11-27 00:30:50
CVE-2022-24999
2022-11-26 22:15:10
githubexploit
githubexploit
Exploit for Prototype Pollution in Qs Project Qs
2022-04-18 06:46:49
ubuntucve
ubuntucve
CVE-2022-24999
2022-11-26 00:00:00
CVE-2023-1370
2023-03-22 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2023-0053)
2023-03-28 00:00:00
Debian: Security Advisory (DLA-3299-1)
2023-01-31 00:00:00
Ubuntu: Security Advisory (USN-6011-1)
2023-04-13 00:00:00
mageia
mageia
Updated nodejs-qs packages fix security vulnerability
2023-02-21 00:25:36
nessus
nessus
RHEL 8 : qs (Unpatched Vulnerability)
2024-06-03 00:00:00
Debian DLA-3299-1 : node-qs - LTS security update
2023-01-31 00:00:00
RHCOS 4 : OpenShift Container Platform 4.10.61 (RHSA-2023:3362)
2024-01-24 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-11-28 05:06:55
Denial Of Service (DoS)
2023-03-24 05:47:33
redhatcve
redhatcve
CVE-2022-24999
2022-12-02 14:26:10
CVE-2023-1370
2023-04-21 05:56:49
debiancve
debiancve
CVE-2022-24999
2022-11-26 22:15:10
CVE-2023-1370
2023-03-22 06:15:09
github
github
qs vulnerable to Prototype Pollution
2022-11-27 00:30:50
Karate has vulnerable dependency on json-smart package (CVE-2023-1370)
2023-03-31 22:44:09
json-smart Uncontrolled Recursion vulnerabilty
2023-03-23 20:32:03
debian
debian
[SECURITY] [DLA 3299-1] node-qs security update
2023-01-30 22:01:11
[SECURITY] [DLA 3373-1] json-smart security update
2023-03-31 08:03:05
atlassian
atlassian
Json-smart Vulnerability in Jira Service Management Data Center and Server
2023-10-08 03:44:24
DoS (Denial of Service) net.minidev:json-smart Dependency in Jira Software Data Center and Server
2024-04-04 04:45:52
redhat
redhat
(RHSA-2023:3179) Important: Red Hat Integration Camel Extensions For Quarkus 2.13.2-2 security update
2023-05-17 12:25:13
(RHSA-2023:3193) Important: Red Hat Integration Camel Extensions for Quarkus 2.7.1-1 security update
2023-05-17 15:47:07
(RHSA-2023:3362) Important: OpenShift Container Platform 4.10.61 packages and security update
2023-06-07 09:15:59
cgr
cgr
CVE-2023-1370 vulnerabilities
2024-05-19 03:07:16
ubuntu
ubuntu
Json-smart vulnerabilities
2023-04-12 00:00:00
almalinux
almalinux
Moderate: nodejs:14 security, bug fix, and enhancement update
2023-01-09 00:00:00
oraclelinux
oraclelinux
nodejs:14 security, bug fix, and enhancement update
2023-01-09 00:00:00
rocky
rocky
nodejs:14 security, bug fix, and enhancement update
2023-01-09 14:24:14
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.6%

JSON
Related for IBM_COGNOS_7012621.NASL
ibm53cve4prion4cnvd1nvd4cvelist4osv10githubexploit1ubuntucve2openvas4mageia1nessus26veracode2redhatcve2debiancve2github3debian2atlassian2redhat26cgr1ubuntu1almalinux1oraclelinux1rocky1oracle5