4.3

CVE-2023-32344

IBM Cognos Analytics cross-site request forgery

IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path.  IBM X-Force ID:  255898.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NetappOncommand Insight Version-
IbmCognos Analytics Version >= 11.1.1 < 11.1.7
IbmCognos Analytics Version >= 11.2.0 < 11.2.4
IbmCognos Analytics Version11.1.7 Update-
IbmCognos Analytics Version11.1.7 Updatefixpack1
IbmCognos Analytics Version11.1.7 Updatefixpack2
IbmCognos Analytics Version11.1.7 Updatefixpack3
IbmCognos Analytics Version11.1.7 Updatefixpack4
IbmCognos Analytics Version11.1.7 Updatefixpack5
IbmCognos Analytics Version11.1.7 Updatefixpack6
IbmCognos Analytics Version11.1.7 Updatefixpack7
IbmCognos Analytics Version11.2.4 Update-
IbmCognos Analytics Version11.2.4 Updatefixpack1
IbmCognos Analytics Version11.2.4 Updatefixpack2
IbmCognos Analytics Version12.0.0
IbmCognos Analytics Version12.0.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.38% 0.296
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
psirt@us.ibm.com 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

https://security.netapp.com/advisory/ntap-20240621-0006/
Third Party Advisory
https://www.ibm.com/support/pages/node/7123154
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/255898
Vendor Advisory
VDB Entry
https://security.netapp.com/advisory/ntap-20240405-0002/
Third Party Advisory