CVE-2022-43883

Name of the Vulnerable Software and Affected Versions IBM Cognos Analytics versions 11.1.7 through 11.2.1

Description The issue allows attackers to perform a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system.

Recommendations For versions 11.1.7 through 11.2.1, consider restricting access to user-controlled data to minimize the risk of exploitation. As a temporary workaround, avoid using user-controlled data in URL constructions until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.