CVE-2022-43887 - Vulnerability Details - OpenCVE

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to further attacks. IBM X-Force ID: 240450.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Cognos Analytics

Configuration 1 [-]

OR	cpe:2.3:a:ibm:cognos_analytics::::::::
	cpe:2.3:a:ibm:cognos_analytics::::::::
	cpe:2.3:a:ibm:cognos_analytics:11.1.7:-::::::
	cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack1::::::
	cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack2::::::
	cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack3::::::
	cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack4::::::
	cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack5::::::

No data.

References

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/240450
https://www.ibm.com/support/pages/node/6841801

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2022-12-19T20:27:09.027Z

Updated: 2024-08-03T13:40:06.582Z

Reserved: 2022-10-26T15:46:22.832Z

Link: CVE-2022-43887

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-12-19T21:15:10.420

Modified: 2024-11-21T07:27:19.513

Link: CVE-2022-43887

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-43887", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2022-10-26T15:46:22.832Z", "datePublished": "2022-12-19T20:27:09.027Z", "dateUpdated": "2024-08-03T13:40:06.582Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Cognos Analytics", "vendor": "IBM", "versions": [{"status": "affected", "version": "11.1.7, 11.2.0, 11.2.1"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(204, 217, 226);\">IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to further attacks. IBM X-Force ID: 240450.</span>\n\n"}], "value": "\nIBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to further attacks. IBM X-Force ID: 240450.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2022-12-19T20:27:09.027Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/6841801"}, {"tags": ["vdb-entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/240450"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM Cognos Analytics information disclosure", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:40:06.582Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/6841801"}, {"tags": ["vdb-entry", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/240450"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "89AC2F63-02F5-449F-A66C-24AAFA34ED98", "versionEndExcluding": "11.1.7", "versionStartIncluding": "11.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "66978806-0222-4AC6-B8E3-324154916FFA", "versionEndIncluding": "11.2.3", "versionStartIncluding": "11.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cognos_analytics:11.1.7:-:*:*:*:*:*:*", "matchCriteriaId": "6680448A-C3B3-4FEE-A500-974681D3E731", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack1:*:*:*:*:*:*", "matchCriteriaId": "A2E66D31-A2CC-4F06-89D3-9A881EADE0FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack2:*:*:*:*:*:*", "matchCriteriaId": "A76630E7-2DEB-4992-A671-85729B80E46B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack3:*:*:*:*:*:*", "matchCriteriaId": "38BDC609-EA7D-4C15-868A-EC8D8FFD3AF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack4:*:*:*:*:*:*", "matchCriteriaId": "BCF5213D-4BB1-4109-8B1B-5CA129819692", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack5:*:*:*:*:*:*", "matchCriteriaId": "C3F972B5-E6C3-4D95-8C61-B9F90C1BAC36", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nIBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to further attacks. IBM X-Force ID: 240450.\n\n"}, {"lang": "es", "value": "IBM Cognos Analytics 11.1.7, 11.2.0 y 11.2.1 podr\u00edan ser vulnerables a la exposici\u00f3n de informaci\u00f3n confidencial al pasar claves API a archivos de registro. Si estas claves contienen informaci\u00f3n confidencial, podr\u00edan provocar m\u00e1s ataques. ID de IBM X-Force: 240450."}], "id": "CVE-2022-43887", "lastModified": "2024-11-21T07:27:19.513", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-19T21:15:10.420", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/240450"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6841801"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/240450"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6841801"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "psirt@us.ibm.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}]}