CVE-2021-29745

IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to priviledge escalation where a lower evel user could have access to the 'New Job' page to which they should not have access to. IBM X-Force ID: 201695.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:cognos_analytics:11.1.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*

History

12 Jul 2022, 17:42

Type Values Removed Values Added
CWE CWE-269 NVD-CWE-noinfo

17 Nov 2021, 02:55

Type Values Removed Values Added
References (CONFIRM) https://security.netapp.com/advisory/ntap-20211112-0005/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20211112-0005/ - Third Party Advisory
CPE cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*

12 Nov 2021, 09:15

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20211112-0005/ -

21 Oct 2021, 12:32

Type Values Removed Values Added
CWE CWE-269
CVSS v2 : unknown
v3 : unknown
v2 : 6.5
v3 : 8.8
CPE cpe:2.3:a:ibm:cognos_analytics:11.1.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/201695 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/201695 - VDB Entry, Vendor Advisory
References (CONFIRM) https://www.ibm.com/support/pages/node/6491661 - (CONFIRM) https://www.ibm.com/support/pages/node/6491661 - Patch, Vendor Advisory

15 Oct 2021, 16:27

Type Values Removed Values Added
New CVE

Information

Published : 2021-10-15 16:15

Updated : 2023-12-10 14:09


NVD link : CVE-2021-29745

Mitre link : CVE-2021-29745

CVE.ORG link : CVE-2021-29745


JSON object : View

Products Affected

netapp

  • oncommand_insight

ibm

  • cognos_analytics