CVE-2022-43887

IBM Cognos Analytics information disclosure

CVSS 5.3 MEDIUMEPSS 0.5%CWE-532

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5.3EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

19 Dec 2022Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to further attacks. IBM X-Force ID: 240450.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

IBM · Cognos Analytics

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/240450 https://www.ibm.com/support/pages/node/6841801