CVE-2022-22363

Published: Jan 7, 2025Modified: Jul 3, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: psirt@us.ibm.com (Secondary)

Description

IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

Affected (2)

Products: Ibm: Cognos Controller, Controller

2 products

Cognos Controller

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ibm Cognos Controller	From 11.0.0 to 11.0.1
Ibm Controller	Version 11.1.0

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

References (1)

https://www.ibm.com/support/pages/node/7179163

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.