CVE-2024-40703
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
9.6%
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive information in the form of an API key. An attacker could use this information to launch further attacks against affected applications.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | cognos_analytics | * | cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:* |
| ibm | cognos_analytics | 11.2.4 | cpe:2.3:a:ibm:cognos_analytics:11.2.4:-:*:*:*:*:*:* |
| ibm | cognos_analytics | 12.0.3 | cpe:2.3:a:ibm:cognos_analytics:12.0.3:-:*:*:*:*:*:* |
| ibm | cognos_analytics | 12.0.3 | cpe:2.3:a:ibm:cognos_analytics:12.0.3:interim_fix_1:*:*:*:*:*:* |
| ibm | cognos_analytics_reports | 11.0.0.7 | cpe:2.3:a:ibm:cognos_analytics_reports:11.0.0.7:*:*:*:*:iphone_os:*:* |
Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
9.6%