CVE-2022-34357

CWE-770Allocation without Limits3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 78.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Cognos Analytics
Timeline
PublishedFeb 26

Description

IBM Cognos Analytics Mobile Server 11.1.7, 11.2.4, and 12.0.0 is vulnerable to Denial of Service due to due to weak or absence of rate limiting. By making unlimited http requests, it is possible for a single user to exhaust server resources over a period of time making service unavailable for other legitimate users. IBM X-Force ID: 230510.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDibm/cognos_analytics11.1.111.1.7+5
CVEListV5ibm/cognos_analytics11.1.7, 11.2.4, 12.0.0

🔴Vulnerability Details

2
GHSA
GHSA-273x-mxvr-9vx2: IBM Cognos Analytics Mobile Server 112024-02-26
CVEList
IBM Cognos Analytics Mobile Server denial of service2024-02-24
CVE-2022-34357 (MEDIUM CVSS 6.5) | IBM Cognos Analytics Mobile Server | cvebase.io