Skip to main content

Cognos Analytics CVE-2021-20461

MEDIUM
Exposure of Resource to Wrong Sphere (CWE-668)
2021-06-30 psirt@us.ibm.com
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Jun 30, 2021 - 14:15 nvd
MEDIUM 6.5

DescriptionNVD

IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. An attacker could potentially bypass business logic to modify the appearance and behavior of the application. IBM X-Force ID: 196770.

AnalysisAI

IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Exposure of Resource to Wrong Sphere (CWE-668), which allows attackers to access resources from an unintended security context. IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. An attacker could potentially bypass business logic to modify the appearance and behavior of the application. IBM X-Force ID: 196770. Affected products include: Ibm Cognos Analytics, Netapp Oncommand Insight.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement proper access controls, validate resource access permissions, use security boundaries.

CVE-2022-38708 CRITICAL
9.1 Dec 19

IBM Cognos Analytics 11.1.7 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery Attack (SSRF) attack

CVE-2020-4377 CRITICAL
9.1 Aug 03

IBM Cognos Anaytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML dat

CVE-2019-4178 CRITICAL
9.1 Apr 15

IBM Cognos Analytics 11 could allow a remote attacker to traverse directories on the system. Rated critical severity (CV

CVE-2024-51466 CRITICAL
9.0 Dec 20

IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) In

CVE-2021-29756 HIGH
8.8 Dec 03

IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which cou

CVE-2021-29745 HIGH
8.8 Oct 15

IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to priviledge escalation where a lower evel user could have access

CVE-2021-29679 HIGH
8.8 Oct 15

IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neu

CVE-2024-25047 HIGH
8.6 May 02

IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application l

CVE-2020-4388 HIGH
8.2 Oct 12

IBM Cognos Analytics 11.0 and 11.1 could be vulnerable to a denial of service attack by failing to catch exceptions in a

CVE-2022-36773 HIGH
8.1 Sep 01

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when proc

CVE-2024-40695 HIGH
8.0 Dec 20

IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload by

CVE-2020-4302 HIGH
7.8 Oct 12

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CS

Share

CVE-2021-20461 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy