PT-2022-20206 · IBM · IBM Cognos Analytics

Published: 2022-09-01 · Updated: 2023-08-14 · CVE-2022-30614

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.1.7 through 11.2.1

Description: The issue is a denial of service vulnerability via email flooding caused by sending a specially-crafted request. A remote attacker could exploit this to cause the server to consume all available CPU resources.

Recommendations: For versions 11.1.7, 11.2.0, and 11.2.1, consider restricting access to the email flooding functionality to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider disabling the email flooding feature to prevent the server from consuming all available CPU resources. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2022-30614

Affected Products

IBM Cognos Analytics