Lucene search
HistoryMay 03, 2024 - 6:15 p.m.
CVE-2023-28952
ibm
cognos controller
injection vulnerability
application logging
user provided data
x-force id
251463
nvd
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
6.5 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to injection attacks in application logging by not sanitizing user provided data. IBM X-Force ID: 251463.
Affected configurations
Node
ibmcognos_controllerMatch10.4.1
ORibmcognos_controllerMatch10.4.2
ORibmcognos_controllerMatch11.0.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | cognos_controller | 10.4.1 | cpe:2.3:a:ibm:cognos_controller:10.4.1:*:*:*:*:*:*:* |
| ibm | cognos_controller | 10.4.2 | cpe:2.3:a:ibm:cognos_controller:10.4.2:*:*:*:*:*:*:* |
| ibm | cognos_controller | 11.0.0 | cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Cognos Controller",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.4.1, 10.4.2, 11.0.0"
}
]
}
]Related
vulnrichment
vulnrichment
CVE-2023-28952 IBM Cognos Controller log injection
2024-05-03 17:39:23
nvd
nvd
CVE-2023-28952
2024-05-03 18:15:08
cvelist
cvelist
CVE-2023-28952 IBM Cognos Controller log injection
2024-05-03 17:39:23
ibm
ibm
Security Bulletin: IBM Controller has addressed multiple vulnerabilities
2024-05-01 21:46:16
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
6.5 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
Related for CVE-2023-28952