IBM Cognos Analytics Vulnerable to Cross-Site Scripting
CVE-2023-43051

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Cognos Analytics
Vendor: CVE Published:; 26 February 2024

Summary

IBM Cognos Analytics versions 11.1.7, 11.2.4, and 12.0.0 are susceptible to a cross-site scripting flaw that enables users to deploy arbitrary JavaScript code within the application's web interface. This allows for manipulation of the application’s intended functionality, which could potentially expose user credentials during a trusted session. This vulnerability raises significant security concerns as it can lead to unauthorized access or data integrity issues.

Affected Version(s)

Cognos Analytics 11.1.7, 11.2.4, 12.0.0

References

https://www.ibm.com/support/pages/node/7123154

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/267451

vdb-entry

https://security.netapp.com/advisory/ntap-20240322-0008/

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 26, 2024
Vulnerability Reserved
Sep 15, 2023

Collectors

NVD DatabaseMitre Database