CVE-2023-50324

Name of the Vulnerable Software and Affected Versions IBM Cognos Command Center versions 10.2.4.1 through 10.2.5

Description The issue is related to the exposure of information in the IBM Cognos Command Center, which could allow an attacker to obtain details about the application environment and conduct further attacks. This could potentially enable a remote attacker to gain unauthorized access to protected information. The X-AspNet-Version Response Header is specifically exposed, providing insight into the application environment.

Recommendations For versions 10.2.4.1 and 10.2.5, consider restricting access to the X-AspNet-Version Response Header to minimize the risk of exploitation. As a temporary workaround, disabling or limiting the use of this header until a patch is available could help mitigate the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.