5.3
CVE-2022-43887
- EPSS 0.08%
- Veröffentlicht 19.12.2022 21:15:10
- Zuletzt bearbeitet 21.11.2024 07:27:19
- Quelle psirt@us.ibm.com
- Teams Watchlist Login
- Unerledigt Login
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to further attacks. IBM X-Force ID: 240450.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Cognos Analytics Version >= 11.1.0 < 11.1.7
Ibm ≫ Cognos Analytics Version >= 11.2.0 <= 11.2.3
Ibm ≫ Cognos Analytics Version11.1.7 Update-
Ibm ≫ Cognos Analytics Version11.1.7 Updatefixpack1
Ibm ≫ Cognos Analytics Version11.1.7 Updatefixpack2
Ibm ≫ Cognos Analytics Version11.1.7 Updatefixpack3
Ibm ≫ Cognos Analytics Version11.1.7 Updatefixpack4
Ibm ≫ Cognos Analytics Version11.1.7 Updatefixpack5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.249 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| psirt@us.ibm.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-532 Insertion of Sensitive Information into Log File
The product writes sensitive information to a log file.