CVE-2022-38708

Name of the Vulnerable Software and Affected Versions IBM Cognos Analytics versions 11.1.7 through 11.2.1

Description The issue allows for a Server-Side Request Forgery Attack (SSRF) by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system.

Recommendations For versions 11.1.7 through 11.2.1, consider restricting access to user-controlled data to minimize the risk of SSRF attacks until a patch is available. As a temporary workaround, consider disabling the construction of URLs from user-controlled data to prevent arbitrary requests to the internal network or local file system. At the moment, there is no information about a newer version that contains a fix for this vulnerability.