Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-43887

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to further attacks. IBM X-Force ID: 240450.

Published

2022-12-19T21:15:10.420

Last Modified

2024-11-21T07:27:19.513

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-532
Type: Primary
CWE-532

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ibm	cognos_analytics	< 11.1.7	Yes
Application	ibm	cognos_analytics	≤ 11.2.3	Yes
Application	ibm	cognos_analytics	11.1.7	Yes
Application	ibm	cognos_analytics	11.1.7	Yes
Application	ibm	cognos_analytics	11.1.7	Yes
Application	ibm	cognos_analytics	11.1.7	Yes
Application	ibm	cognos_analytics	11.1.7	Yes
Application	ibm	cognos_analytics	11.1.7	Yes

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/240450 VDB Entry, Vendor Advisory ([email protected])
https://www.ibm.com/support/pages/node/6841801 Patch, Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/240450 VDB Entry, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.ibm.com/support/pages/node/6841801 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)