Lucene search

IbmCVELIST:CVE-2021-20464

HistoryApr 22, 2022 - 4:30 p.m.

CVE-2021-20464

2022-04-2216:30:29

ibm

www.cve.org

ibm

cognos analytics

xml bomb

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

45.1%

JSON

IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. IBM X-Force ID: 196813.

CNA Affected

[
  {
    "product": "Cognos Analytics",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "11.2.0"
      },
      {
        "status": "affected",
        "version": "11.1.7"
      },
      {
        "status": "affected",
        "version": "11.2.1"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/196813

security.netapp.com/advisory/ntap-20220602-0003/

www.ibm.com/support/pages/node/6570957

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

45.1%

JSON

Related for CVELIST:CVE-2021-20464