PT-2021-3248 · IBM · IBM Cognos Analytics

Published 2021-05-31 · Updated 2021-12-01 · CVE-2019-4730

CVSS v2.0: 7.5 High

Vector: AV:N/AC:L/Au:S/C:C/I:N/A:P
Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.0 through 11.1
Description: The issue is an improper restriction of XML external entity (XXE) references, which a remote attacker can exploit to affect the confidentiality and availability of protected information. This can lead to exposure of sensitive information or consumption of memory resources.
Recommendations: For versions 11.0 and 11.1, consider disabling XML processing until a patch is available to prevent exploitation. Restrict access to sensitive information to minimize the risk of exposure. As a temporary workaround, limit the amount of memory resources available to the application to prevent consumption by an attacker. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XXE

Weakness Enumeration

Related Identifiers

BDU:2021-02967
CVE-2019-4730

Affected Products

IBM Cognos Analytics