PT-2020-17985 · Ibm+1 · Ibm Cognos Analytics+1

Published

2020-10-12

Updated

2021-07-21

CVE-2020-4302

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions IBM Cognos Analytics versions 11.0 through 11.1

Description The issue allows a remote attacker to execute arbitrary code on the system due to a CSV injection. This can be exploited by persuading a victim to open a specially-crafted Excel file, which could then execute arbitrary code on the system.

Recommendations For IBM Cognos Analytics versions 11.0 through 11.1, consider avoiding the use of CSV files from untrusted sources until a fix is available. As a temporary workaround, restrict access to Excel files from unknown origins to minimize the risk of exploitation.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1236

Related Identifiers

CVE-2020-4302

Affected Products

Office Excel

Ibm Cognos Analytics

PT-2020-17985 · Ibm+1 · Ibm Cognos Analytics+1

CVE-2020-4302

Weakness Enumeration

Related Identifiers

Affected Products

References · 4