Lucene search

IbmCVELIST:CVE-2023-23474

HistoryMay 03, 2024 - 5:15 p.m.

CVE-2023-23474 IBM Cognos Controller information disclosure

2024-05-0317:15:55

CWE-209

ibm

www.cve.org

ibm

cognos controller

information disclosure

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 245403.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Cognos Controller",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "10.4.1, 10.4.2, 11.0.0"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/245403

www.ibm.com/support/pages/node/7149876

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2023-23474