Cognos Analytics Mobile Server Vulnerable to Denial of Service Attacks
CVE-2022-34357

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Cognos Analytics
Vendor: CVE Published:; 26 February 2024

What is CVE-2022-34357?

IBM Cognos Analytics Mobile Server versions 11.1.7, 11.2.4, and 12.0.0 are susceptible to a Denial of Service attack caused by insufficient rate limiting. This vulnerability enables an attacker to send a high volume of HTTP requests, resulting in the potential exhaustion of server resources. As a result, legitimate users may experience service unavailability, impacting business operations and user productivity. Proper rate limiting measures are essential to mitigate this risk and ensure continued service accessibility.

Affected Version(s)

Cognos Analytics 11.1.7, 11.2.4, 12.0.0

References

https://www.ibm.com/support/pages/node/7123154

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/230510

vdb-entry

https://security.netapp.com/advisory/ntap-20240405-0001/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 26, 2024
Vulnerability Reserved
Jun 23, 2022