Products
IBM Cognos Controller
- 10.4.1
- 10.4.2
- 11.0.0
Source
psirt@us.ibm.com
Tags
CVE-2022-22364 details
Published : May 3, 2024, 7:15 p.m.
Last Modified : May 3, 2024, 7:15 p.m.
Last Modified : May 3, 2024, 7:15 p.m.
Description
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 220903.
CVSS Score
| 1 | 2 | 3 | 4 | 5.3 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
Base Score
5.3
Exploitability Score
Impact Score
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
References
| URL | Source |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/220903 | psirt@us.ibm.com |
| https://www.ibm.com/support/pages/node/7149876 | psirt@us.ibm.com |
This website uses the NVD API, but is not approved or certified by it.