What is CVE-2022-43883?

CVE-2022-43883 is a medium-severity vulnerability in Ibm Cognos Analytics. CVSS score: 6.5/10. Published 2022-12-19.

How severe is CVE-2022-43883?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Vulnerability in Ibm Cognos Analytics

CVE-2022-43883

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local f…

EPSS: 0.003 (53.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N.

Affected products

Ibm Cognos Analytics — versions 11.1.7, 11.2.0, 11.2.1

References

www.ibm.com/support/pages/node/6841801 (vendor-advisory)
exchange.xforce.ibmcloud.com/vulnerabilities/240266 (vdb-entry)

Frequently asked questions

What is CVE-2022-43883?: CVE-2022-43883 is a medium-severity vulnerability in Ibm Cognos Analytics. CVSS score: 6.5/10. Published 2022-12-19.
How severe is CVE-2022-43883?: Medium severity. CVSS v3 base score is 6.5 out of 10.