Lucene search

[email protected]CVE-2022-43887

HistoryDec 19, 2022 - 9:15 p.m.

CVE-2022-43887

2022-12-1921:15:10

CWE-532

[email protected]

web.nvd.nist.gov

ibm

cognos analytics

sensitive information exposure

api keys

log files

vulnerability

nvd

cve-2022-43887

ibm x-force

240450

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

4.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.9%

JSON

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to further attacks. IBM X-Force ID: 240450.

Affected configurations

Vulners

NVD

Node

ibmcognos_analyticsMatch11.1.7

ibmcognos_analyticsMatch11.2.0

ibmcognos_analyticsMatch11.2.1

VendorProductVersionCPE
ibmcognos_analytics11.1.7cpe:2.3:a:ibm:cognos_analytics:11.1.7:*:*:*:*:*:*:*
ibmcognos_analytics11.2.0cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
ibmcognos_analytics11.2.1cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	cognos_analytics	11.1.7	cpe:2.3:a:ibm:cognos_analytics:11.1.7:::::::*
ibm	cognos_analytics	11.2.0	cpe:2.3:a:ibm:cognos_analytics:11.2.0:::::::*
ibm	cognos_analytics	11.2.1	cpe:2.3:a:ibm:cognos_analytics:11.2.1:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Cognos Analytics",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "11.1.7, 11.2.0, 11.2.1"
      }
    ]
  }
]