8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
IBM Cognos Analytics is a suite of business intelligence software from IBM Corporation of the United States. IBM Cognos Analytics versions 11.1.7, 11.2.0 and 11.2.1 contain a security vulnerability that stems from vulnerability to XML External Entity Injection (XXE) attacks when working with XML data, which can be exploited by remote attacker could exploit the vulnerability to expose sensitive information or consume memory resources.
CPE | Name | Operator | Version |
---|---|---|---|
ibm cognos analytics | eq | 11.1.7 | |
ibm cognos analytics | eq | 11.2.0 | |
ibm cognos analytics | eq | 11.2.1 |