China National Vulnerability DatabaseCNVD-2022-54643IBM Planning Analytics and Cognos Analytics跨站脚本漏洞
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
IBM Cognos Analytics and IBM Planning Analytics are both products of IBM Corporation, a U.S. company. IBM Planning Analytics is a business planning analytics solution that supports the automation of business planning, budgeting and analysis processes. IBM Planning Analytics and Cognos Analytics has a cross-site scripting vulnerability that can be exploited by an attacker to embed arbitrary JavaScript code in the Web UI to alter the intended functionality resulting in credential disclosure in a trusted session.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm planning analytics | eq | 2.0 | |
| ibm cognos analytics | eq | 11.1.7 | |
| ibm cognos analytics | eq | 11.2.0 | |
| ibm cognos analytics | eq | 11.2.1 |
Related
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N