CVE-2020-4388 — Improper Handling of Exceptional Conditions in IBM Cognos Analytics

CWE-755 — Improper Handling of Exceptional Conditions3 documents3 sources

Severity

8.2HIGHNVD

EPSS

0.2%

top 57.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Cognos Analytics

Timeline

PublishedOct 12

Latest updateMay 24

Description

IBM Cognos Analytics 11.0 and 11.1 could be vulnerable to a denial of service attack by failing to catch exceptions in a servlet also exposing debug information could also be used in future attacks. IBM X-Force ID: 179270.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:HExploitability: 3.9 | Impact: 4.2

Affected Packages2 packages

▶NVDibm/cognos_analytics11.0.0 — 11.0.13+2

▶CVEListV5ibm/cognos_analytics11.0, 11.1+1

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-77x5-h8g5-w23m: IBM Cognos Analytics 11↗2022-05-24

▶

CVEList

CVE-2020-4388: IBM Cognos Analytics 11↗2020-10-12

▶