5.4

CVE-2023-35011

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.  IBM X-Force ID:  257705.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmCognos Analytics Version >= 11.1.0 < 11.1.7
IbmCognos Analytics Version >= 11.2.0 < 11.2.4
IbmCognos Analytics Version11.1.7 Update-
IbmCognos Analytics Version11.1.7 Updateinterimfix1
IbmCognos Analytics Version11.1.7 Updateinterimfix2
IbmCognos Analytics Version11.1.7 Updateinterimfix3
IbmCognos Analytics Version11.1.7 Updateinterimfix4
IbmCognos Analytics Version11.1.7 Updateinterimfix5
IbmCognos Analytics Version11.1.7 Updateinterimfix6
IbmCognos Analytics Version11.1.7 Updateinterimfix7
IbmCognos Analytics Version11.1.7 Updateinterimfix8
IbmCognos Analytics Version11.1.7 Updateinterimfix9
IbmCognos Analytics Version11.2.4 Update-
IbmCognos Analytics Version11.2.4 Updatefixpack1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.05% 0.163
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.4 2.8 2.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
psirt@us.ibm.com 5.4 2.8 2.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.