Lucene search

IbmCVELIST:CVE-2023-28952

HistoryMay 03, 2024 - 5:39 p.m.

CVE-2023-28952 IBM Cognos Controller log injection

2024-05-0317:39:23

CWE-117

ibm

www.cve.org

ibm cognos controller

log injection

vulnerability

version 10.4.1

version 10.4.2

version 11.0.0

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to injection attacks in application logging by not sanitizing user provided data. IBM X-Force ID: 251463.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Cognos Controller",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "10.4.1, 10.4.2, 11.0.0"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/251463

www.ibm.com/support/pages/node/7149876

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2023-28952