Lucene search

China National Vulnerability DatabaseCNVD-2022-54641

HistoryJun 28, 2022 - 12:00 a.m.

IBM Cognos Analytics Information Disclosure Vulnerability (CNVD-2022-54641)

2022-06-2800:00:00

China National Vulnerability Database

www.cnvd.org.cn

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

JSON

IBM Cognos Analytics is a suite of business intelligence software from IBM Corporation in the United States. IBM Cognos Analytics versions 11.2.1, 11.2.0 and 11.1.7 contain an information disclosure vulnerability that stems from faulty access controls that could be exploited by a low-level attacker to obtain sensitive information from an inaccessible “Cloud Storage” page details without access to obtain sensitive information.

CPENameOperatorVersion
ibm cognos analyticseq11.1.7
ibm cognos analyticseq11.2.0
ibm cognos analyticseq11.2.1

Name	Operator	Version
ibm cognos analytics	eq	11.1.7
ibm cognos analytics	eq	11.2.0
ibm cognos analytics	eq	11.2.1

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

JSON

Related for CNVD-2022-54641