CVE-2022-43887
Summary
| CVE | CVE-2022-43887 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-12-19 21:15:00 UTC |
| Updated | 2023-11-07 03:54:00 UTC |
| Description | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to further attacks. IBM X-Force ID: 240450. |
Risk And Classification
Problem Types: CWE-532
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ibm | Cognos Analytics | All | All | All | All |
| Application | Ibm | Cognos Analytics | 11.1.7 | - | All | All |
| Application | Ibm | Cognos Analytics | 11.1.7 | fixpack1 | All | All |
| Application | Ibm | Cognos Analytics | 11.1.7 | fixpack2 | All | All |
| Application | Ibm | Cognos Analytics | 11.1.7 | fixpack3 | All | All |
| Application | Ibm | Cognos Analytics | 11.1.7 | fixpack4 | All | All |
| Application | Ibm | Cognos Analytics | 11.1.7 | fixpack5 | All | All |
| Application | Ibm | Cognos Analytics | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities (CVE-2021-29469, CVE-2022-39160, CVE-2022-38708, CVE-2022-42003, CVE-2022-42004, CVE-2022-43883, CVE-2022-43887, CVE-2022-25647, CVE-2022-36364) | MISC | www.ibm.com | |
| IBM X-Force Exchange | MISC | exchange.xforce.ibmcloud.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.