10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
IBM Cognos Controller is affected by a security vulnerability. Apache Log4j is used by IBM Cognos Controller as part of its logging infrastructure. This bulletin addresses the exposure to the Apache Log4j (CVE-2021-45046) vulnerability. Please note that this update also addresses CVE-2021-44228.
Apply the following interim fix to all IBM Cognos Controller 10.4.2 installations as soon as possible.
Release | File |
---|---|
10.4.2 IF16 | 10.4.2000.1108 |
IBM Cognos Controller 10.4.2 Interim Fix 16 requires that IBM Cognos Controller 10.4.2 is installed.
Our interim fixes are cumulative by design. Hence all interim fixes include all updates from earlier interim fixes.
Install an interim fix on Microsoft® Windows®
[{“INLabel”:“IBM Cognos Controller Installation Guide”,“INLang”:“English”,“INSize”:“1000000 B”,“INURL”:“https://www.ibm.com/docs/en/cognos-controller/10.4.2?topic=1042-introduction\n\n”}]
Click the FC link in the**Use Fix Central **section below to start downloading your package.
Remediated Security Vulnerabilities
On
[{“DNLabel”:“IBM Cognos Controller 10.4.2 Interim Fix 16”,“DNDate”:“21 Dec 2021”,“DNLang”:“English”,“DNSize”:“2.25 GB”,“DNPlat”:{“label”:“Windows”,“code”:“PF033”},“DNURL”:“https://www-945.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Cognos+8+Controller&release=All&platform=All&function=fixId&fixids=10.4.2.0-BA-CNTRL-Win64-IF016:0&includeSupersedes=0&source=fc&login=true",“DNURL_FTP”:“”,"DDURL”:null}]
[{“Type”:“MASTER”,“Line of Business”:{“code”:“LOB10”,“label”:“Data and AI”},“Business Unit”:{“code”:“BU059”,“label”:“IBM Software w/o TPS”},“Product”:{“code”:“SS9S6B”,“label”:“IBM Cognos Controller”},“ARM Category”:[{“code”:“a8m0z0000001ftoAAA”,“label”:“Other”}],“ARM Case Number”:“”,“Platform”:[{“code”:“PF033”,“label”:“Windows”}],“Version”:“10.4.2”}]
CPE | Name | Operator | Version |
---|---|---|---|
IBM Cognos Controller | eq | 10.4.2 |
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C