IBM Cognos Analytics Vulnerable to Cross-Site Scripting
CVE-2023-38359

6.1MEDIUM

Key Information:

Vendor: IBM
Status: Cognos Analytics
Vendor: CVE Published:; 26 February 2024

Summary

IBM Cognos Analytics has a vulnerability that allows for cross-site scripting (XSS). This security flaw permits attackers to inject arbitrary JavaScript code into the Web UI of affected versions. As a result, the intended functionality of the application can be altered, which may lead to the disclosure of sensitive credentials during a trusted session. Organizations using Cognos Analytics versions 11.1.7, 11.2.4, or 12.0.0 should take immediate precautions to safeguard their systems from potential exploitation. For more details, please refer to vendor advisories and vulnerability databases.

Affected Version(s)

Cognos Analytics e

References

https://www.ibm.com/support/pages/node/7123154

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/260744

vdb-entry

https://security.netapp.com/advisory/ntap-20240405-0003/

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 26, 2024
Vulnerability Reserved
Jul 16, 2023

Collectors

NVD DatabaseMitre Database