Cognos Analytics Vulnerability Could Lead to Sensitive Information Disclosure
CVE-2024-40703

5.5MEDIUM

Key Information:

Vendor: IBM
Status: Cognos Analytics; Cognos Analytics Reports
Vendor: CVE Published:; 22 September 2024

What is CVE-2024-40703?

A local information disclosure vulnerability exists in IBM Cognos Analytics that may allow an attacker with local access to the system to obtain sensitive information, specifically an API key. This API key could be exploited to perform unauthorized actions or launch subsequent attacks against the affected applications. Users of IBM Cognos Analytics should take immediate steps to safeguard their systems and data against potential exploitation of this vulnerability.

Affected Version(s)

Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3

Cognos Analytics Reports iOS 11.0.0.7

References

https://www.ibm.com/support/pages/node/7160700

vendor-advisory

https://www.ibm.com/support/pages/node/7168038

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 22, 2024
Vulnerability Reserved
Jul 8, 2024