IBM43D5D2287DD69DF78455A844FE39C543389D7AD16347C3F2E9BD40E642B1714DSecurity Bulletin: IBM Cognos Analytics has addressed multiple security vulnerabilities (CVE-2022-48285, CVE-2023-35009, CVE-2023-35011)
7.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
0.006 Low
EPSS
Percentile
79.3%
Summary
Security vulnerabilities have been addressed in IBM Cognos Analytics. IBM Cognos Analytics is vulnerable to an Arbitrary File Write via Archive Extraction (Zip Slip) in JSZip (CVE-2022-48285). This has been addressed by upgrading JZIP to a non-vulnerable version. A Server-Side Request Forgery (SSRF) vulnerability has been addressed (CVE-2023-35011). Additionally, a vulnerability that exposes a detailed error message which could be used to gain information for further attacks has been addressed (CVE-2023-35009).
Vulnerability Details
CVEID:CVE-2023-35011
**DESCRIPTION:**IBM Cognos Analytics is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/257705 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
CVEID:CVE-2022-48285
**DESCRIPTION:**JSZip could allow a remote attacker to traverse directories on the system, caused by the failure to sanitize filenames when files are loaded with loadAsync, which makes the library vulnerable to a Zip Slip attack. By extracting files from a specially crafted archive, an attacker could gain access to parts of the file system outside of the target folder, overwrite the executable files and execute arbitrary commands on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/244499 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID:CVE-2023-35009
**DESCRIPTION:**IBM Cognos Analytics could allow a remote attacker to obtain system information without authentication which could be used in reconnaissance to gather information that could be used for future attacks.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/257703 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Cognos Analytics | 12.0 |
| IBM Cognos Analytics | 11.2.x |
| IBM Cognos Analytics | 11.1.x |
Remediation/Fixes
IBM strongly recommends addressing the vulnerabilities now by upgrading.
| **Product(s) ** | **Version(s) ** | **Remediation/Fix/Instructions ** |
|---|---|---|
| IBM Cognos Analytics |
12.0
|
Downloading IBM Cognos Analytics 12.0.1
IBM Cognos Analytics|
11.2.x
|
IBM Cognos Analytics 11.2.4 Fix Pack 2
IBM Cognos Analytics|
11.1.x
|
IBM Cognos Analytics 11.1.7 Interim Fix 10
Workarounds and Mitigations
None
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm cognos analytics | eq | 12.0 | |
| ibm cognos analytics | eq | 11.2.1 | |
| ibm cognos analytics | eq | 11.2.0 | |
| ibm cognos analytics | eq | 11.1.7 |
Related
7.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
0.006 Low
EPSS
Percentile
79.3%