IBM Cognos Analytics Vulnerable to Form Action Hijacking
CVE-2023-32344

4.3MEDIUM

Key Information:

Vendor: IBM
Status: Cognos Analytics
Vendor: CVE Published:; 26 February 2024

Summary

IBM Cognos Analytics versions 11.1.7, 11.2.4, and 12.0.0 are susceptible to form action hijacking. This vulnerability permits an attacker to manipulate the form action attribute, redirecting it to an arbitrary path. Such exploitation can lead to unauthorized access to sensitive data and potential breaches within the affected systems. Organizations utilizing these versions of Cognos Analytics should prioritize security updates and closely monitor their environments to mitigate risks associated with this vulnerability.

Affected Version(s)

Cognos Analytics e

References

https://www.ibm.com/support/pages/node/7123154

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/255898

vdb-entry

https://security.netapp.com/advisory/ntap-20240405-0002/

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 26, 2024
Vulnerability Reserved
May 8, 2023

Collectors

NVD DatabaseMitre Database