Lucene search

[email protected]NVD:CVE-2022-43887

HistoryDec 19, 2022 - 9:15 p.m.

CVE-2022-43887

2022-12-1921:15:10

CWE-532

[email protected]

web.nvd.nist.gov

ibm

cognos analytics

sensitive information

exposure

api keys

log files

attacks

x-force id 240450

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

25.9%

JSON

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to further attacks. IBM X-Force ID: 240450.

Affected configurations

NVD

Node

ibmcognos_analyticsRange11.1.0–11.1.7

ibmcognos_analyticsRange11.2.0–11.2.3

ibmcognos_analyticsMatch11.1.7-

ibmcognos_analyticsMatch11.1.7fixpack1

ibmcognos_analyticsMatch11.1.7fixpack2

ibmcognos_analyticsMatch11.1.7fixpack3

ibmcognos_analyticsMatch11.1.7fixpack4

ibmcognos_analyticsMatch11.1.7fixpack5

References

exchange.xforce.ibmcloud.com/vulnerabilities/240450

www.ibm.com/support/pages/node/6841801

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

25.9%

JSON

Related for NVD:CVE-2022-43887

cvelist1 cnvd1 cve1 prion1 nessus1 ibm1