5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
10 High
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
75.5%
IBM Cognos Analytics is vulnerable to a cross-site scripting vulnerability (XSS) in JupyterHub and remote code execution (RCE) vulnerability in R Programming Language which is used by Jupyter Notebook. IBM Cognos Analytics has addressed a Denial of Service (DOS) vulnerability and an Information Disclosure vulnerability in Apache MINA. IBM Cognos Analytics has addressed the applicable CVEs by upgrading the vulnerable libraries. Please refer to the Related Information section below for vulnerability impact. This Security Bulletin relates only to the direct usage of third-party components by IBM Cognos Analytics and not any nested dependencies within the product.
CVEID:CVE-2024-28233
**DESCRIPTION:**JupyterHub is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base score: 9.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/286522 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N)
CVEID:CVE-2019-0231
**DESCRIPTION:**Apache MINA could allow a remote attacker to obtain sensitive information, caused by the improper handling of the close_notify SSL/TLS message in the SSLFilter. By sending a specially-crafted request, an attacker could exploit this vulnerability to receive clear-text messages and use this information to launch further attacks against the affected system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/159470 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID:CVE-2021-41973
**DESCRIPTION:**Apache MINA is vulnerable to a denial of service, caused by a flaw in the HTTP Header decoder. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to cause the HTTP Header decoder to loop indefinitely, and results in a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/212552 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2024-27322
**DESCRIPTION:**R Programming Language could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By persuading a victim to open a specially crafted .rds or .rdx file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/289561 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Cognos Analytics | 12.0.0-12.0.3 |
IBM Cognos Analytics | 11.2.0-11.2.4 FP3 |
IBM strongly recommends addressing the vulnerability now by upgrading.
**Product(s) ** | **Version(s) ** | **Remediation/Fix/Instructions ** |
---|---|---|
IBM Cognos Analytics |
12.0.0-12.0.3
|
Downloading IBM Cognos Analytics 12.0.3 IF1
IBM Cognos Analytics|
11.2.0-11.2.4 FP3
|
IBM Cognos Analytics 11.2.4 FP4
None
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
10 High
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
75.5%