QwikSec

Security Database

CVE

CWE

Training

CVE-2023-38359

Published: Feb 24, 2024

Modified: Feb 13, 2025

PUBLISHED

CVSS v3.1

6.1

MEDIUM

Description

IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260744.

Vendor	Product	Versions
IBM	Cognos Analytics	affected `e`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

References

https://www.ibm.com/support/pages/node/7123154

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/260744

vdb-entry

https://security.netapp.com/advisory/ntap-20240405-0003/

https://security.netapp.com/advisory/ntap-20240621-0006/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.