← Back

CVE-2022-43883

nvd nist
Published: Dec 19, 2022Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 240266.

Affected (7)

Ibm
1 product
Cognos Analytics
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Ibm
Cognos Analytics
From 11.1.0 to 11.1.7
Cognos Analytics
From 11.2.0 to 11.2.3
Cognos Analytics
Version 11.1.7 fixpack1
Cognos Analytics
Version 11.1.7 fixpack2
Cognos Analytics
Version 11.1.7 fixpack3
Cognos Analytics
Version 11.1.7 fixpack4
Cognos Analytics
Version 11.1.7 fixpack5

Related CWEs

CWE-116
Improper Encoding or Escaping of Output
The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

References (4)

Source: psirt@us.ibm.com
VDB EntryVendor Advisory
Source: psirt@us.ibm.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
VDB EntryVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.