Security Bulletin: IBM Cognos Analytics with Watson 11.2.1 has addressed multiple vulnerabilities

Summary

Security vulnerabilities have been addressed in IBM Cognos Analytics with Watson 11.2.1

Vulnerability Details

CVEID:CVE-2017-12620
**DESCRIPTION:**Apache OpenNLP could allow a remote attacker to obtain sensitive information, caused by an XXE attack when loading models or dictionaries that contain XML. By using a specially-crafted XML file, a remote attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/133034 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L)

CVEID:CVE-2021-3177
**DESCRIPTION:**Python is vulnerable to a buffer overflow, caused by improper bounds checking by the PyCArg_repr function in _ctypes/callproc.c. By sending specially-crafted arguments to c_double.from_param, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/195244 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2021-29679
**DESCRIPTION:**IBM Cognos Analytics could allow an authenticated user to execute code remotely due to incorrectly neutralizaing user-contrlled input that could be interpreted a a server-side include (SSI) directive.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/199915 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2021-29745
**DESCRIPTION:**IBM Cognos Analytics is vulnerable to priviledge escalation where a lower evel user could have access to the ‘New Job’ page to which they should not have access to.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201695 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)

CVEID:CVE-2020-27619
**DESCRIPTION:**An unspecified error with CJK codec tests call eval() on content retrieved throug HTTP in multibytecodec_support.py in Python has an unknown impact and attack vector.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190408 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2020-26116
**DESCRIPTION:**Python is vulnerable to CRLF injection, caused by improper validation of user-supplied input in http.client. By inserting CR and LF control characters in the first argument of HTTPConnection.request, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/189404 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID:CVE-2020-8492
**DESCRIPTION:**Python is vulnerable to a denial of service, caused by a flaw in the urllib.request.AbstractBasicAuthHandler. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a Regular Expression Denial of Service (ReDoS).
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/175462 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2020-8315
**DESCRIPTION:**Python could allow a remote attacker to execute arbitrary code on the system, caused by an insecure dependency load upon launch on Windows 7. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/175392 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2020-13933
**DESCRIPTION:**Apache Shiro could allow a remote attacker to bypass security restrictions, caused by improper authentication validation. By sending a specially-crafted HTTP request, an attacker could exploit this vulnerability to bypass access restrictions.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/186901 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID:CVE-2020-4951
**DESCRIPTION:**IBM Cognos Analytics contains locally cached browser data, that could allow a local attacker to obtain sensitive information.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/192027 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM Cognos Analytics 11.2.0

IBM Cognos Analytics 11.1.7

Remediation/Fixes

For IBM Cognos Analytics 11.2.0

The recommended solution is to apply IBM Cognos Analytics with Watson 11.2.1

Downloading IBM Cognos Analytics 11.2.1

For IBM Cognos Analytics 11.1.x :

Applicable CVEs have previously been addressed in IBM Cognos Analytics 11.1.7 FP3

IBM Cognos Analytics 11.1.7 FP3

This Security Bulletin is applicable to IBM Cognos Analytics with Watson 11.2.1 (On-Prem).

IBM Cognos Analytics on Cloud 11.2.1 On-Demand (multi-tenant) is now available in all data centers as of October 14, 2021 and no further action is required.

IBM Cognos Analytics Cloud Hosted (Dedicated) customers can begin coordinating upgrades to IBM Cognos Analytics with Watson 11.2.1. Please contact IBM Support to schedule an upgrade.

Workarounds and Mitigations

None