CVE-2022-34357

EPSS 0.07%
Veröffentlicht 26.02.2024 16:27:45
Zuletzt bearbeitet 17.12.2024 16:49:34
Quelle psirt@us.ibm.com
Teams Watchlist Login
Unerledigt Login

IBM Cognos Analytics Mobile Server 11.1.7, 11.2.4, and 12.0.0 is vulnerable to Denial of Service due to due to weak or absence of rate limiting. By making unlimited http requests, it is possible for a single user to exhaust server resources over a period of time making service unavailable for other legitimate users.  IBM X-Force ID:  230510.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Netapp ≫ Oncommand Insight Version-

Ibm ≫ Cognos Analytics Version >= 11.1.1 < 11.1.7

Ibm ≫ Cognos Analytics Version >= 11.2.0 < 11.2.4

Ibm ≫ Cognos Analytics Version11.1.7 Update-

Ibm ≫ Cognos Analytics Version11.1.7 Updatefixpack1

Ibm ≫ Cognos Analytics Version11.1.7 Updatefixpack2

Ibm ≫ Cognos Analytics Version11.1.7 Updatefixpack3

Ibm ≫ Cognos Analytics Version11.1.7 Updatefixpack4

Ibm ≫ Cognos Analytics Version11.1.7 Updatefixpack5

Ibm ≫ Cognos Analytics Version11.1.7 Updatefixpack6

Ibm ≫ Cognos Analytics Version11.1.7 Updatefixpack7

Ibm ≫ Cognos Analytics Version11.2.4 Update-

Ibm ≫ Cognos Analytics Version11.2.4 Updatefixpack1

Ibm ≫ Cognos Analytics Version11.2.4 Updatefixpack2

Ibm ≫ Cognos Analytics Version12.0.0

Ibm ≫ Cognos Analytics Version12.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.224

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
psirt@us.ibm.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://security.netapp.com/advisory/ntap-20240621-0006/

Third Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/230510

Vendor Advisory

VDB Entry

https://security.netapp.com/advisory/ntap-20240405-0001/

Third Party Advisory

https://www.ibm.com/support/pages/node/7123154

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-34357

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-34357

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-34357

EUVD