CVE-2022-22363

Name of the Vulnerable Software and Affected Versions IBM Cognos Controller versions 11.0.0 through 11.0.1 IBM Controller version 11.1.0

Description The issue is related to the error reporting mechanism in IBM Cognos Controller and IBM Controller, which could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. The vulnerability is associated with the reporting mechanism's shortcomings, potentially enabling an attacker to gain unauthorized access to protected information.

Recommendations For IBM Cognos Controller versions 11.0.0 through 11.0.1, consider disabling the detailed technical error messages in the browser until a patch is available. For IBM Controller version 11.1.0, restrict access to error messages to minimize the risk of exploitation. As a temporary workaround, avoid displaying detailed error messages in the browser for all affected versions until the issue is resolved.