CVE-2021-38945 — Unrestricted File Upload in IBM Cognos Analytics
Severity
9.8CRITICALNVD
EPSS
0.2%
top 54.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 24
Latest updateJun 25
Description
IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation. IBM X-Force ID: 211238.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9