PT-2024-11516 · IBM · IBM Cognos Controller

Published: 2024-05-03 · Updated: 2025-01-07 · CVE-2022-22364

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 10.4.1 through 11.0.0

Description: The issue is caused by improper validation of user-supplied input, allowing a remote attacker to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. This can be achieved through DNS rebinding via HTTP requests.

Recommendations: For versions 10.4.1 through 11.0.0, upgrade the affected components to remediate the issue. As a temporary workaround, consider restricting access to external services to minimize the risk of exploitation. Assess exposure, review logs, and monitor for exploits to ensure the security of the system.

Fix

Authentication Bypass by Spoofing

Weakness Enumeration

Related Identifiers: CVE-2022-22364

Affected Products: IBM Cognos Controller