CVE-2022-34357

Name of the Vulnerable Software and Affected Versions IBM Cognos Analytics Mobile Server versions 11.1.7 through 12.0.0

Description The issue is related to a Denial of Service condition due to weak or absence of rate limiting. By making unlimited HTTP requests, it is possible for a single user to exhaust server resources over a period of time, making the service unavailable for other legitimate users.

Recommendations For versions 11.1.7, 11.2.4, and 12.0.0, consider implementing rate limiting on HTTP requests to prevent exhaustion of server resources. As a temporary workaround, consider restricting the number of HTTP requests from a single user to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.