IBM Cognos Analytics Vulnerable to Cross-Site Scripting
CVE-2023-43051

5.4MEDIUM

Key Information:

Vendor

IBM
Status
Cognos Analytics
Vendor
CVE Published:
26 February 2024

What is CVE-2023-43051?

IBM Cognos Analytics versions 11.1.7, 11.2.4, and 12.0.0 are susceptible to a cross-site scripting flaw that enables users to deploy arbitrary JavaScript code within the application's web interface. This allows for manipulation of the application’s intended functionality, which could potentially expose user credentials during a trusted session. This vulnerability raises significant security concerns as it can lead to unauthorized access or data integrity issues.

Affected Version(s)

Cognos Analytics 11.1.7, 11.2.4, 12.0.0

References

https://www.ibm.com/support/pages/node/7123154
vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/267451
vdb-entry
https://security.netapp.com/advisory/ntap-20240322-0008/

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2023-43051 : IBM Cognos Analytics Vulnerable to Cross-Site Scripting