CVE-2021-20461 — Resource Exposure in IBM Cognos Analytics

CWE-668 — Resource Exposure CWE-863 — Incorrect Authorization3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 58.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Cognos Analytics

Timeline

PublishedJun 30

Latest updateMay 24

Description

IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. An attacker could potentially bypass business logic to modify the appearance and behavior of the application. IBM X-Force ID: 196770.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDibm/cognos_analytics11.0.0 — 11.0.13+3

▶CVEListV5ibm/cognos_analytics11.0, 11.1+1

🔴Vulnerability Details

GHSA

GHSA-66m8-64xr-mvh7: IBM Cognos Analytics 10↗2022-05-24

▶

CVEList

CVE-2021-20461: IBM Cognos Analytics 10↗2021-06-30

▶