What is CVE-2022-38708?

CVE-2022-38708 is a medium-severity vulnerability in Ibm Cognos Analytics, classified under Server-Side Request Forgery (SSRF). CVSS score: 6.5/10. Published 2022-12-19.

How severe is CVE-2022-38708?

Medium severity. CVSS v3 base score is 6.5 out of 10.

SSRF in Ibm Cognos Analytics

CVE-2022-38708

IBM Cognos Analytics 11.1.7 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery Attack (SSRF) attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the interna…

Vulnerability class: SSRF (Server-Side Request Forgery)

EPSS: 0.002 (47.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N.

Affected products

Ibm Cognos Analytics — versions 11.1.7 11.2.0, 11.2.1

Weakness classification (CWE)

CWE-918 — Server-Side Request Forgery (SSRF)

References

www.ibm.com/support/pages/node/6841801 (vendor-advisory)
exchange.xforce.ibmcloud.com/vulnerabilities/234180 (vdb-entry)

Frequently asked questions

What is CVE-2022-38708?: CVE-2022-38708 is a medium-severity vulnerability in Ibm Cognos Analytics, classified under Server-Side Request Forgery (SSRF). CVSS score: 6.5/10. Published 2022-12-19.
How severe is CVE-2022-38708?: Medium severity. CVSS v3 base score is 6.5 out of 10.