CVE-2023-30996Origin Validation Error in IBM Cognos Analytics

CWE-346Origin Validation Error3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
0.1%
top 77.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Cognos Analytics
Timeline
PublishedFeb 26

Description

IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 could be vulnerable to information leakage due to unverified sources in messages sent between Windows objects of different origins. IBM X-Force ID: 254290.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDibm/cognos_analytics11.1.111.1.7+5
CVEListV5ibm/cognos_analytics11.1.7, 11.2.4, 12.0.0

🔴Vulnerability Details

2
GHSA
GHSA-mj54-2qgh-27pf: IBM Cognos Analytics 112024-02-26
CVEList
IBM Cognos Analytics cross-origin resource sharing2024-02-24
CVE-2023-30996 — Origin Validation Error in IBM | cvebase