PT-2022-5187 · IBM · IBM Cognos Analytics
Jeff Hutchinson +1 · Published 2022-10-17 · Updated 2022-11-04 · CVE-2022-34339
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
IBM Cognos Analytics versions 11.1.7 through 11.2.1
Description
The issue is related to the transmission of critical information in plain text. Exploitation of this issue may allow a remote attacker to disclose protected information. User credentials are stored in clear text, which can be read by an authenticated user.
Recommendations
For IBM Cognos Analytics versions 11.1.7 through 11.2.1, consider restricting access to sensitive information and implementing additional security measures to protect user credentials until a fix is available. As a temporary workaround, restrict access to the user credentials storage to minimize the risk of exploitation.
Fix
Cleartext Storage of Sensitive Information
Cleartext Transmission of Sensitive Information
Related Identifiers
Affected Products
IBM Cognos Analytics