CVE-2022-43887
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to further attacks. IBM X-Force ID: 240450.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | Cognos Analytics | 11.1.7, 11.2.0, 11.2.1 | affected |
Weaknesses
- CWE-532: CWE-532 Insertion of Sensitive Information into Log File
ADP Enrichment
CVE Program Container
Additional References
- https://www.ibm.com/support/pages/node/6841801
- https://exchange.xforce.ibmcloud.com/vulnerabilities/240450
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://www.ibm.com/support/pages/node/6841801
- https://exchange.xforce.ibmcloud.com/vulnerabilities/240450
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.