CVE-2022-43883

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 240266.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/240266	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/6841801	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:cognos_analytics::::::::
	cpe:2.3:a:ibm:cognos_analytics::::::::
	cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack1::::::
	cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack2::::::
	cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack3::::::
	cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack4::::::
	cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack5::::::

History

07 Nov 2023, 03:54

Type	Values Removed	Values Added
Summary	IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 240266.	IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 240266.

08 Aug 2023, 14:21

Type	Values Removed	Values Added
CWE	~~CWE-74~~	CWE-116

23 Dec 2022, 20:09

Type	Values Removed	Values Added
CWE		CWE-74
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
References	~~(MISC) https://www.ibm.com/support/pages/node/6841801 -~~	(MISC) https://www.ibm.com/support/pages/node/6841801 - Patch, Vendor Advisory
References	~~(MISC) https://exchange.xforce.ibmcloud.com/vulnerabilities/240266 -~~	(MISC) https://exchange.xforce.ibmcloud.com/vulnerabilities/240266 - VDB Entry, Vendor Advisory
First Time		Ibm Ibm cognos Analytics
CPE		cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack4:::::: cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack3:::::: cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack1:::::: cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack2:::::: cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack5:::::: cpe:2.3:a:ibm:cognos_analytics::::::::

19 Dec 2022, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-12-19 21:15

Updated : 2023-12-10 14:48

NVD link : CVE-2022-43883

Mitre link : CVE-2022-43883

CVE.ORG link : CVE-2022-43883

JSON object : View

Products Affected

ibm

cognos_analytics

CWE

CWE-116

Improper Encoding or Escaping of Output

7.5 /10