CVE-2024-40703 — Insufficiently Protected Credentials in IBM Cognos Analytics

CWE-522 — Insufficiently Protected Credentials3 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 91.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Cognos Analytics IBM Cognos Analytics Reports

Timeline

PublishedSep 22

Description

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive information in the form of an API key. An attacker could use this information to launch further attacks against affected applications.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5ibm/cognos_analytics_reports11.0.0.7

▶NVDibm/cognos_analytics_reports11.0.0.7

▶NVDibm/cognos_analytics12.0.0 — 12.0.3+3

▶CVEListV5ibm/cognos_analytics11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

CVEList

IBM Cognos Analytics information disclosure↗2024-09-22

▶

GHSA

GHSA-352f-rwjm-p38m: IBM Cognos Analytics 11↗2024-09-22

▶