PT-2023-7181 · IBM · IBM Cognos Dashboards on Cloud Pak for Data
Published 2023-10-21 · Updated 2023-10-27 · CVE-2023-38735
CVSS v2.0
| Score | Severity | Vector |
| --- | --- | --- |
| 7.8 | High | AV:N/AC:L/Au:N/C:N/I:C/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Cognos Dashboards on Cloud Pak for Data version 4.7.0
Description
The issue is caused by a reverse tabnabbing flaw, which could allow a remote attacker to bypass security restrictions. An attacker could exploit this and redirect a victim to a phishing site. The vulnerability is related to deficiencies in the authentication procedure.
Recommendations
For IBM Cognos Dashboards on Cloud Pak for Data version 4.7.0, consider disabling the affected functionality until a patch is available. Restrict access to sensitive areas of the dashboard to minimize the risk of exploitation. Avoid using the dashboard for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
IBM Cognos Dashboards on Cloud Pak for Data