IBM Cognos Analytics 11.1.7-11.2.1 Log Injection via URL Construction
CVE-2022-43883 Published on December 19, 2022
IBM Cognos Analytics data manipulation
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 240266.
Vulnerability Analysis
CVE-2022-43883 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Products Associated with CVE-2022-43883
Want to know whenever a new CVE is published for IBM Cognos Analytics? stack.watch will email you.
Affected Versions
IBM Cognos Analytics Version 11.1.7, 11.2.0, 11.2.1 is affected by CVE-2022-43883Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.