Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-32344

IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path. IBM X-Force ID: 255898.

Published

2024-02-26T16:27:46.313

Last Modified

2024-12-17T18:55:38.543

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses
  • Type: Primary
    CWE-352
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application netapp oncommand_insight - Yes
Application ibm cognos_analytics < 11.1.7 Yes
Application ibm cognos_analytics < 11.2.4 Yes
Application ibm cognos_analytics 11.1.7 Yes
Application ibm cognos_analytics 11.1.7 Yes
Application ibm cognos_analytics 11.1.7 Yes
Application ibm cognos_analytics 11.1.7 Yes
Application ibm cognos_analytics 11.1.7 Yes
Application ibm cognos_analytics 11.1.7 Yes
Application ibm cognos_analytics 11.1.7 Yes
Application ibm cognos_analytics 11.1.7 Yes
Application ibm cognos_analytics 11.2.4 Yes
Application ibm cognos_analytics 11.2.4 Yes
Application ibm cognos_analytics 11.2.4 Yes
Application ibm cognos_analytics 12.0.0 Yes
Application ibm cognos_analytics 12.0.1 Yes
References