Lucene search

[email protected]CVE-2022-22364

HistoryMay 03, 2024 - 7:15 p.m.

CVE-2022-22364

2024-05-0319:15:00

CWE-350

[email protected]

web.nvd.nist.gov

ibm cognos controller

external service interaction

improper validation

remote attacker

server-side dns lookups

http requests

arbitrary domain names

suitable payloads

application server

ibm x-force id

nvd

5.3 Medium

CVSS3

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

8.7%

JSON

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 220903.

VendorProductVersionCPE
ibmcognos_controller10.4.1cpe:2.3:a:ibm:cognos_controller:10.4.1:*:*:*:*:*:*:*
ibmcognos_controller10.4.2cpe:2.3:a:ibm:cognos_controller:10.4.2:*:*:*:*:*:*:*
ibmcognos_controller11.0.0cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	cognos_controller	10.4.1	cpe:2.3:a:ibm:cognos_controller:10.4.1:::::::*
ibm	cognos_controller	10.4.2	cpe:2.3:a:ibm:cognos_controller:10.4.2:::::::*
ibm	cognos_controller	11.0.0	cpe:2.3:a:ibm:cognos_controller:11.0.0:::::::*

References

exchange.xforce.ibmcloud.com/vulnerabilities/220903

www.ibm.com/support/pages/node/7149876