cvelistv5 - cve-2022-30614

CVE-2022-30614 (GCVE-0-2022-30614)

Vulnerability from cvelistv5 – Published: 2022-09-01 19:00 – Updated: 2024-09-17 00:57

Summary

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 227591.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.0/C:N/AV:N/AC:L/I:N/S:U/UI:N/A:H/PR:L/RC:C/E:U/RL:O

CWE

Denial of Service

Assigner

ibm

References

URL

Tags

	https://www.ibm.com/support/pages/node/6615285
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entry
	https://security.netapp.com/advisory/ntap-2022101…

Impacted products

	Vendor	Product	Version
	IBM	Cognos Analytics	Affected: 11.2.0 Affected: 11.1.7 Affected: 11.2.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:56:13.095Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6615285"
          },
          {
            "name": "ibm-cognos-cve202230614-dos (227591)",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/227591"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20221014-0005/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cognos Analytics",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "11.2.0"
            },
            {
              "status": "affected",
              "version": "11.1.7"
            },
            {
              "status": "affected",
              "version": "11.2.1"
            }
          ]
        }
      ],
      "datePublic": "2022-08-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 227591."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 5.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/C:N/AV:N/AC:L/I:N/S:U/UI:N/A:H/PR:L/RC:C/E:U/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-14T00:00:00",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "url": "https://www.ibm.com/support/pages/node/6615285"
        },
        {
          "name": "ibm-cognos-cve202230614-dos (227591)",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/227591"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20221014-0005/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2022-30614",
    "datePublished": "2022-09-01T19:00:28.959064Z",
    "dateReserved": "2022-05-12T00:00:00",
    "dateUpdated": "2024-09-17T00:57:07.943Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.1.0\", \"versionEndExcluding\": \"11.1.7\", \"matchCriteriaId\": \"89AC2F63-02F5-449F-A66C-24AAFA34ED98\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.2.0\", \"versionEndExcluding\": \"11.2.3\", \"matchCriteriaId\": \"820F9237-E014-43DC-9AEB-9FA97FA52E5E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:cognos_analytics:11.1.7:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"6680448A-C3B3-4FEE-A500-974681D3E731\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack1:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2E66D31-A2CC-4F06-89D3-9A881EADE0FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack2:*:*:*:*:*:*\", \"matchCriteriaId\": \"A76630E7-2DEB-4992-A671-85729B80E46B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack3:*:*:*:*:*:*\", \"matchCriteriaId\": \"38BDC609-EA7D-4C15-868A-EC8D8FFD3AF9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack4:*:*:*:*:*:*\", \"matchCriteriaId\": \"BCF5213D-4BB1-4109-8B1B-5CA129819692\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1BE6C1F-2565-4E97-92AA-16563E5660A5\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 227591.\"}, {\"lang\": \"es\", \"value\": \"IBM Cognos Analytics versiones 11.1.7, 11.2.0 y 11.2.1, es vulnerable a una denegaci\\u00f3n de servicio por inundaci\\u00f3n de correo electr\\u00f3nico causada por el env\\u00edo de una petici\\u00f3n especialmente dise\\u00f1ada. Un atacante remoto podr\\u00eda aprovechar esta vulnerabilidad para causar que el servidor consuma todos los recursos de CPU disponibles. IBM X-Force ID: 227591\"}]",
      "id": "CVE-2022-30614",
      "lastModified": "2024-11-21T07:03:01.740",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV30\": [{\"source\": \"psirt@us.ibm.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}]}",
      "published": "2022-09-01T19:15:12.307",
      "references": "[{\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/227591\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"VDB Entry\", \"Vendor Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20221014-0005/\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.ibm.com/support/pages/node/6615285\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/227591\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"VDB Entry\", \"Vendor Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20221014-0005/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.ibm.com/support/pages/node/6615285\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@us.ibm.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-30614\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2022-09-01T19:15:12.307\",\"lastModified\":\"2024-11-21T07:03:01.740\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 227591.\"},{\"lang\":\"es\",\"value\":\"IBM Cognos Analytics versiones 11.1.7, 11.2.0 y 11.2.1, es vulnerable a una denegaci\u00f3n de servicio por inundaci\u00f3n de correo electr\u00f3nico causada por el env\u00edo de una petici\u00f3n especialmente dise\u00f1ada. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad para causar que el servidor consuma todos los recursos de CPU disponibles. IBM X-Force ID: 227591\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV30\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.1.0\",\"versionEndExcluding\":\"11.1.7\",\"matchCriteriaId\":\"89AC2F63-02F5-449F-A66C-24AAFA34ED98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.2.0\",\"versionEndExcluding\":\"11.2.3\",\"matchCriteriaId\":\"820F9237-E014-43DC-9AEB-9FA97FA52E5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cognos_analytics:11.1.7:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"6680448A-C3B3-4FEE-A500-974681D3E731\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2E66D31-A2CC-4F06-89D3-9A881EADE0FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A76630E7-2DEB-4992-A671-85729B80E46B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack3:*:*:*:*:*:*\",\"matchCriteriaId\":\"38BDC609-EA7D-4C15-868A-EC8D8FFD3AF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack4:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCF5213D-4BB1-4109-8B1B-5CA129819692\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1BE6C1F-2565-4E97-92AA-16563E5660A5\"}]}]}],\"references\":[{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/227591\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20221014-0005/\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.ibm.com/support/pages/node/6615285\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/227591\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20221014-0005/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.ibm.com/support/pages/node/6615285\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

GSD-2022-30614

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-30614

Aliases

CVE-2022-30614

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-30614",
    "description": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 227591.",
    "id": "GSD-2022-30614"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-30614"
      ],
      "details": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 227591.",
      "id": "GSD-2022-30614",
      "modified": "2023-12-13T01:19:37.208709Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@us.ibm.com",
        "DATE_PUBLIC": "2022-08-31T00:00:00",
        "ID": "CVE-2022-30614",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cognos Analytics",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "11.2.0"
                        },
                        {
                          "version_value": "11.1.7"
                        },
                        {
                          "version_value": "11.2.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "IBM"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 227591."
          }
        ]
      },
      "impact": {
        "cvssv3": {
          "BM": {
            "A": "H",
            "AC": "L",
            "AV": "N",
            "C": "N",
            "I": "N",
            "PR": "L",
            "S": "U",
            "SCORE": "6.500",
            "UI": "N"
          },
          "TM": {
            "E": "U",
            "RC": "C",
            "RL": "O"
          }
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Denial of Service"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.ibm.com/support/pages/node/6615285",
            "refsource": "CONFIRM",
            "title": "IBM Security Bulletin 6615285 (Cognos Analytics)",
            "url": "https://www.ibm.com/support/pages/node/6615285"
          },
          {
            "name": "ibm-cognos-cve202230614-dos (227591)",
            "refsource": "XF",
            "title": "X-Force Vulnerability Report",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/227591"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20221014-0005/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20221014-0005/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:cognos_analytics:11.1.7:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.1.7",
                "versionStartIncluding": "11.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.2.3",
                "versionStartIncluding": "11.2.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2022-30614"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 227591."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6615285",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/6615285"
            },
            {
              "name": "ibm-cognos-cve202230614-dos (227591)",
              "refsource": "XF",
              "tags": [
                "VDB Entry",
                "Vendor Advisory"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/227591"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20221014-0005/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20221014-0005/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-11-03T19:04Z",
      "publishedDate": "2022-09-01T19:15Z"
    }
  }
}

FKIE_CVE-2022-30614

Vulnerability from fkie_nvd - Published: 2022-09-01 19:15 - Updated: 2024-11-21 07:03

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/227591	VDB Entry, Vendor Advisory
psirt@us.ibm.com	https://security.netapp.com/advisory/ntap-20221014-0005/	Third Party Advisory
psirt@us.ibm.com	https://www.ibm.com/support/pages/node/6615285	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/227591	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20221014-0005/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/support/pages/node/6615285	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	cognos_analytics	*
ibm	cognos_analytics	*
ibm	cognos_analytics	11.1.7
ibm	cognos_analytics	11.1.7
ibm	cognos_analytics	11.1.7
ibm	cognos_analytics	11.1.7
ibm	cognos_analytics	11.1.7
netapp	oncommand_insight	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "89AC2F63-02F5-449F-A66C-24AAFA34ED98",
              "versionEndExcluding": "11.1.7",
              "versionStartIncluding": "11.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "820F9237-E014-43DC-9AEB-9FA97FA52E5E",
              "versionEndExcluding": "11.2.3",
              "versionStartIncluding": "11.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cognos_analytics:11.1.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "6680448A-C3B3-4FEE-A500-974681D3E731",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack1:*:*:*:*:*:*",
              "matchCriteriaId": "A2E66D31-A2CC-4F06-89D3-9A881EADE0FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack2:*:*:*:*:*:*",
              "matchCriteriaId": "A76630E7-2DEB-4992-A671-85729B80E46B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack3:*:*:*:*:*:*",
              "matchCriteriaId": "38BDC609-EA7D-4C15-868A-EC8D8FFD3AF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack4:*:*:*:*:*:*",
              "matchCriteriaId": "BCF5213D-4BB1-4109-8B1B-5CA129819692",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 227591."
    },
    {
      "lang": "es",
      "value": "IBM Cognos Analytics versiones 11.1.7, 11.2.0 y 11.2.1, es vulnerable a una denegaci\u00f3n de servicio por inundaci\u00f3n de correo electr\u00f3nico causada por el env\u00edo de una petici\u00f3n especialmente dise\u00f1ada. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad para causar que el servidor consuma todos los recursos de CPU disponibles. IBM X-Force ID: 227591"
    }
  ],
  "id": "CVE-2022-30614",
  "lastModified": "2024-11-21T07:03:01.740",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-09-01T19:15:12.307",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/227591"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20221014-0005/"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6615285"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/227591"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20221014-0005/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6615285"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2022-AVI-785

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans IBM Cognos Analytics. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	IBM	Cognos Analytics	IBM Cognos Analytics versions 11.1.x antérieures à 11.1.7 Fix Pack 5
	IBM	Cognos Analytics	IBM Cognos Analytics versions 11.2.x antérieures à 11.2.3

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6615285 du 31 août 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Cognos Analytics versions 11.1.x ant\u00e9rieures \u00e0 11.1.7 Fix Pack 5",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.3",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-4301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-4301"
    },
    {
      "name": "CVE-2021-20468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20468"
    },
    {
      "name": "CVE-2021-29823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29823"
    },
    {
      "name": "CVE-2021-44532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44532"
    },
    {
      "name": "CVE-2022-36773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36773"
    },
    {
      "name": "CVE-2021-3807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3807"
    },
    {
      "name": "CVE-2022-29078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29078"
    },
    {
      "name": "CVE-2021-23438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23438"
    },
    {
      "name": "CVE-2021-43797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797"
    },
    {
      "name": "CVE-2022-30614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30614"
    },
    {
      "name": "CVE-2021-44533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44533"
    },
    {
      "name": "CVE-2021-29418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29418"
    },
    {
      "name": "CVE-2020-36518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
    },
    {
      "name": "CVE-2021-39045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39045"
    },
    {
      "name": "CVE-2022-21824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21824"
    },
    {
      "name": "CVE-2022-21803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21803"
    },
    {
      "name": "CVE-2021-39009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39009"
    },
    {
      "name": "CVE-2021-44531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44531"
    },
    {
      "name": "CVE-2021-28918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28918"
    },
    {
      "name": "CVE-2020-28469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
    },
    {
      "name": "CVE-2021-3749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3749"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-785",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-09-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM Cognos\nAnalytics. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Cognos Analytics",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6615285 du 31 ao\u00fbt 2022",
      "url": "https://www.ibm.com/support/pages/node/6615285"
    }
  ]
}

CERTFR-2025-AVI-0608

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	QRadar SIEM	QRadar SIEM versions 7.5.0 sans les derniers correctifs de sécurité pour les protocoles GoogleCloudPubSub, GoogleCommon et GoogleGSuiteActivityReportsRESTAPI
IBM	QRadar SIEM	QRadar SIEM versions 7.5.0 antérieures à 7.5.0 UP12 IF03
IBM	WebSphere	WebSphere Remote Server sans les derniers correctifs de sécurité
IBM	Sterling Connect:Direct	Sterling Connect:Direct versions 6.4.x antérieures à 6.4.0.2 pour Unix
IBM	Sterling	Sterling Connect:Direct FTP+ versions 1.3.0 antérieures à 1.3.0.1
IBM	Db2 Query Management Facility	Db2 Query Management Facility versions 13.1 et 12.2.0.5 sans le JRE 8.0.8.45
IBM	Sterling Connect:Direct	Sterling Connect:Direct versions 6.3.x antérieures à 6.3.0.5 pour Unix
IBM	Cognos Analytics	Cognos Analytics versions 11.2.x antérieures à 11.2.3
IBM	Sterling Connect:Direct	Sterling Connect:Direct versions 6.2.x antérieures à 6.2.0.7 pour Windows
IBM	QRadar Incident Forensics	QRadar Incident Forensics versions 7.5.0 antérieures à 7.5.0 UP12 IF03
IBM	WebSphere	WebSphere Application Server Liberty versions antérieures à 25.0.0.8
IBM	Sterling Connect:Direct	Sterling Connect:Direct versions 6.2.x antérieures à 6.2.0.7.iFix052 pour Unix
IBM	Cognos Analytics	Cognos Analytics versions 11.1.x antérieures à 11.1.7 Fix Pack 5
IBM	WebSphere	WebSphere Application Server versions 9.0.0.x antérieures à 9.0.5.25
IBM	WebSphere	WebSphere eXtreme Scale versions 8.6.1.x antérieures à 8.6.1.6 sans le correctif PH67142 iFix

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7239645	2025-07-14	vendor-advisory
Bulletin de sécurité IBM 7239617	2025-07-14	vendor-advisory
Bulletin de sécurité IBM 7239753	2025-07-15	vendor-advisory
Bulletin de sécurité IBM 7239757	2025-07-15	vendor-advisory
Bulletin de sécurité IBM 7239856	2025-07-16	vendor-advisory
Bulletin de sécurité IBM 7239492	2025-07-11	vendor-advisory
Bulletin de sécurité IBM 6615285	2025-07-15	vendor-advisory
Bulletin de sécurité IBM 7239816	2025-07-15	vendor-advisory
Bulletin de sécurité IBM 7239564	2025-07-11	vendor-advisory
Bulletin de sécurité IBM 7239627	2025-07-14	vendor-advisory
Bulletin de sécurité IBM 7239598	2025-07-14	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "QRadar SIEM versions 7.5.0 sans les derniers correctifs de s\u00e9curit\u00e9 pour les protocoles GoogleCloudPubSub, GoogleCommon et GoogleGSuiteActivityReportsRESTAPI",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar SIEM versions 7.5.0 ant\u00e9rieures \u00e0 7.5.0 UP12 IF03",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Remote Server sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct versions 6.4.x ant\u00e9rieures \u00e0 6.4.0.2 pour Unix",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct FTP+ versions 1.3.0 ant\u00e9rieures \u00e0 1.3.0.1",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 Query Management Facility versions 13.1 et 12.2.0.5 sans le JRE 8.0.8.45",
      "product": {
        "name": "Db2 Query Management Facility",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.5 pour Unix",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.3",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.7 pour Windows",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Incident Forensics versions 7.5.0 ant\u00e9rieures \u00e0 7.5.0 UP12 IF03",
      "product": {
        "name": "QRadar Incident Forensics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Application Server Liberty versions ant\u00e9rieures \u00e0 25.0.0.8",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.7.iFix052 pour Unix",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Analytics versions 11.1.x ant\u00e9rieures \u00e0 11.1.7 Fix Pack 5",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Application Server versions 9.0.0.x ant\u00e9rieures \u00e0 9.0.5.25",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere eXtreme Scale versions 8.6.1.x ant\u00e9rieures \u00e0 8.6.1.6 sans le correctif PH67142 iFix",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-4447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
    },
    {
      "name": "CVE-2020-4301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-4301"
    },
    {
      "name": "CVE-2024-52005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52005"
    },
    {
      "name": "CVE-2021-20468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20468"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2025-49125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
    },
    {
      "name": "CVE-2021-29823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29823"
    },
    {
      "name": "CVE-2021-44532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44532"
    },
    {
      "name": "CVE-2025-36097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36097"
    },
    {
      "name": "CVE-2022-36773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36773"
    },
    {
      "name": "CVE-2021-3807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3807"
    },
    {
      "name": "CVE-2025-48976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
    },
    {
      "name": "CVE-2025-21587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
    },
    {
      "name": "CVE-2022-29078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29078"
    },
    {
      "name": "CVE-2023-33953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33953"
    },
    {
      "name": "CVE-2021-23438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23438"
    },
    {
      "name": "CVE-2021-43797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797"
    },
    {
      "name": "CVE-2023-32732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32732"
    },
    {
      "name": "CVE-2025-48988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
    },
    {
      "name": "CVE-2022-30614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30614"
    },
    {
      "name": "CVE-2025-30698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
    },
    {
      "name": "CVE-2022-49395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49395"
    },
    {
      "name": "CVE-2021-44533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44533"
    },
    {
      "name": "CVE-2025-22869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
    },
    {
      "name": "CVE-2021-29418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29418"
    },
    {
      "name": "CVE-2020-36518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
    },
    {
      "name": "CVE-2021-39045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39045"
    },
    {
      "name": "CVE-2022-21824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21824"
    },
    {
      "name": "CVE-2022-21803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21803"
    },
    {
      "name": "CVE-2021-39009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39009"
    },
    {
      "name": "CVE-2025-32414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
    },
    {
      "name": "CVE-2020-16156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16156"
    },
    {
      "name": "CVE-2025-2900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2900"
    },
    {
      "name": "CVE-2025-5283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5283"
    },
    {
      "name": "CVE-2021-44531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44531"
    },
    {
      "name": "CVE-2021-28918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28918"
    },
    {
      "name": "CVE-2025-36038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36038"
    },
    {
      "name": "CVE-2020-28469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
    },
    {
      "name": "CVE-2021-3749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3749"
    },
    {
      "name": "CVE-2025-48734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0608",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-07-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2025-07-14",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239645",
      "url": "https://www.ibm.com/support/pages/node/7239645"
    },
    {
      "published_at": "2025-07-14",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239617",
      "url": "https://www.ibm.com/support/pages/node/7239617"
    },
    {
      "published_at": "2025-07-15",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239753",
      "url": "https://www.ibm.com/support/pages/node/7239753"
    },
    {
      "published_at": "2025-07-15",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239757",
      "url": "https://www.ibm.com/support/pages/node/7239757"
    },
    {
      "published_at": "2025-07-16",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239856",
      "url": "https://www.ibm.com/support/pages/node/7239856"
    },
    {
      "published_at": "2025-07-11",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239492",
      "url": "https://www.ibm.com/support/pages/node/7239492"
    },
    {
      "published_at": "2025-07-15",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6615285",
      "url": "https://www.ibm.com/support/pages/node/6615285"
    },
    {
      "published_at": "2025-07-15",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239816",
      "url": "https://www.ibm.com/support/pages/node/7239816"
    },
    {
      "published_at": "2025-07-11",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239564",
      "url": "https://www.ibm.com/support/pages/node/7239564"
    },
    {
      "published_at": "2025-07-14",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239627",
      "url": "https://www.ibm.com/support/pages/node/7239627"
    },
    {
      "published_at": "2025-07-14",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239598",
      "url": "https://www.ibm.com/support/pages/node/7239598"
    }
  ]
}

CERTFR-2025-AVI-0608

Vulnerability from certfr_avis - Published: - Updated:

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	QRadar SIEM	QRadar SIEM versions 7.5.0 sans les derniers correctifs de sécurité pour les protocoles GoogleCloudPubSub, GoogleCommon et GoogleGSuiteActivityReportsRESTAPI
IBM	QRadar SIEM	QRadar SIEM versions 7.5.0 antérieures à 7.5.0 UP12 IF03
IBM	WebSphere	WebSphere Remote Server sans les derniers correctifs de sécurité
IBM	Sterling Connect:Direct	Sterling Connect:Direct versions 6.4.x antérieures à 6.4.0.2 pour Unix
IBM	Sterling	Sterling Connect:Direct FTP+ versions 1.3.0 antérieures à 1.3.0.1
IBM	Db2 Query Management Facility	Db2 Query Management Facility versions 13.1 et 12.2.0.5 sans le JRE 8.0.8.45
IBM	Sterling Connect:Direct	Sterling Connect:Direct versions 6.3.x antérieures à 6.3.0.5 pour Unix
IBM	Cognos Analytics	Cognos Analytics versions 11.2.x antérieures à 11.2.3
IBM	Sterling Connect:Direct	Sterling Connect:Direct versions 6.2.x antérieures à 6.2.0.7 pour Windows
IBM	QRadar Incident Forensics	QRadar Incident Forensics versions 7.5.0 antérieures à 7.5.0 UP12 IF03
IBM	WebSphere	WebSphere Application Server Liberty versions antérieures à 25.0.0.8
IBM	Sterling Connect:Direct	Sterling Connect:Direct versions 6.2.x antérieures à 6.2.0.7.iFix052 pour Unix
IBM	Cognos Analytics	Cognos Analytics versions 11.1.x antérieures à 11.1.7 Fix Pack 5
IBM	WebSphere	WebSphere Application Server versions 9.0.0.x antérieures à 9.0.5.25
IBM	WebSphere	WebSphere eXtreme Scale versions 8.6.1.x antérieures à 8.6.1.6 sans le correctif PH67142 iFix

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7239645	2025-07-14	vendor-advisory
Bulletin de sécurité IBM 7239617	2025-07-14	vendor-advisory
Bulletin de sécurité IBM 7239753	2025-07-15	vendor-advisory
Bulletin de sécurité IBM 7239757	2025-07-15	vendor-advisory
Bulletin de sécurité IBM 7239856	2025-07-16	vendor-advisory
Bulletin de sécurité IBM 7239492	2025-07-11	vendor-advisory
Bulletin de sécurité IBM 6615285	2025-07-15	vendor-advisory
Bulletin de sécurité IBM 7239816	2025-07-15	vendor-advisory
Bulletin de sécurité IBM 7239564	2025-07-11	vendor-advisory
Bulletin de sécurité IBM 7239627	2025-07-14	vendor-advisory
Bulletin de sécurité IBM 7239598	2025-07-14	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "QRadar SIEM versions 7.5.0 sans les derniers correctifs de s\u00e9curit\u00e9 pour les protocoles GoogleCloudPubSub, GoogleCommon et GoogleGSuiteActivityReportsRESTAPI",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar SIEM versions 7.5.0 ant\u00e9rieures \u00e0 7.5.0 UP12 IF03",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Remote Server sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct versions 6.4.x ant\u00e9rieures \u00e0 6.4.0.2 pour Unix",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct FTP+ versions 1.3.0 ant\u00e9rieures \u00e0 1.3.0.1",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 Query Management Facility versions 13.1 et 12.2.0.5 sans le JRE 8.0.8.45",
      "product": {
        "name": "Db2 Query Management Facility",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.5 pour Unix",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.3",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.7 pour Windows",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Incident Forensics versions 7.5.0 ant\u00e9rieures \u00e0 7.5.0 UP12 IF03",
      "product": {
        "name": "QRadar Incident Forensics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Application Server Liberty versions ant\u00e9rieures \u00e0 25.0.0.8",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.7.iFix052 pour Unix",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Analytics versions 11.1.x ant\u00e9rieures \u00e0 11.1.7 Fix Pack 5",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Application Server versions 9.0.0.x ant\u00e9rieures \u00e0 9.0.5.25",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere eXtreme Scale versions 8.6.1.x ant\u00e9rieures \u00e0 8.6.1.6 sans le correctif PH67142 iFix",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-4447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
    },
    {
      "name": "CVE-2020-4301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-4301"
    },
    {
      "name": "CVE-2024-52005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52005"
    },
    {
      "name": "CVE-2021-20468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20468"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2025-49125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
    },
    {
      "name": "CVE-2021-29823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29823"
    },
    {
      "name": "CVE-2021-44532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44532"
    },
    {
      "name": "CVE-2025-36097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36097"
    },
    {
      "name": "CVE-2022-36773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36773"
    },
    {
      "name": "CVE-2021-3807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3807"
    },
    {
      "name": "CVE-2025-48976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
    },
    {
      "name": "CVE-2025-21587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
    },
    {
      "name": "CVE-2022-29078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29078"
    },
    {
      "name": "CVE-2023-33953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33953"
    },
    {
      "name": "CVE-2021-23438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23438"
    },
    {
      "name": "CVE-2021-43797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797"
    },
    {
      "name": "CVE-2023-32732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32732"
    },
    {
      "name": "CVE-2025-48988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
    },
    {
      "name": "CVE-2022-30614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30614"
    },
    {
      "name": "CVE-2025-30698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
    },
    {
      "name": "CVE-2022-49395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49395"
    },
    {
      "name": "CVE-2021-44533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44533"
    },
    {
      "name": "CVE-2025-22869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
    },
    {
      "name": "CVE-2021-29418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29418"
    },
    {
      "name": "CVE-2020-36518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
    },
    {
      "name": "CVE-2021-39045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39045"
    },
    {
      "name": "CVE-2022-21824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21824"
    },
    {
      "name": "CVE-2022-21803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21803"
    },
    {
      "name": "CVE-2021-39009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39009"
    },
    {
      "name": "CVE-2025-32414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
    },
    {
      "name": "CVE-2020-16156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16156"
    },
    {
      "name": "CVE-2025-2900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2900"
    },
    {
      "name": "CVE-2025-5283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5283"
    },
    {
      "name": "CVE-2021-44531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44531"
    },
    {
      "name": "CVE-2021-28918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28918"
    },
    {
      "name": "CVE-2025-36038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36038"
    },
    {
      "name": "CVE-2020-28469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
    },
    {
      "name": "CVE-2021-3749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3749"
    },
    {
      "name": "CVE-2025-48734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0608",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-07-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2025-07-14",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239645",
      "url": "https://www.ibm.com/support/pages/node/7239645"
    },
    {
      "published_at": "2025-07-14",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239617",
      "url": "https://www.ibm.com/support/pages/node/7239617"
    },
    {
      "published_at": "2025-07-15",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239753",
      "url": "https://www.ibm.com/support/pages/node/7239753"
    },
    {
      "published_at": "2025-07-15",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239757",
      "url": "https://www.ibm.com/support/pages/node/7239757"
    },
    {
      "published_at": "2025-07-16",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239856",
      "url": "https://www.ibm.com/support/pages/node/7239856"
    },
    {
      "published_at": "2025-07-11",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239492",
      "url": "https://www.ibm.com/support/pages/node/7239492"
    },
    {
      "published_at": "2025-07-15",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6615285",
      "url": "https://www.ibm.com/support/pages/node/6615285"
    },
    {
      "published_at": "2025-07-15",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239816",
      "url": "https://www.ibm.com/support/pages/node/7239816"
    },
    {
      "published_at": "2025-07-11",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239564",
      "url": "https://www.ibm.com/support/pages/node/7239564"
    },
    {
      "published_at": "2025-07-14",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239627",
      "url": "https://www.ibm.com/support/pages/node/7239627"
    },
    {
      "published_at": "2025-07-14",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239598",
      "url": "https://www.ibm.com/support/pages/node/7239598"
    }
  ]
}

CERTFR-2022-AVI-785

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	IBM	Cognos Analytics	IBM Cognos Analytics versions 11.1.x antérieures à 11.1.7 Fix Pack 5
	IBM	Cognos Analytics	IBM Cognos Analytics versions 11.2.x antérieures à 11.2.3

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6615285 du 31 août 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Cognos Analytics versions 11.1.x ant\u00e9rieures \u00e0 11.1.7 Fix Pack 5",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.3",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-4301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-4301"
    },
    {
      "name": "CVE-2021-20468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20468"
    },
    {
      "name": "CVE-2021-29823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29823"
    },
    {
      "name": "CVE-2021-44532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44532"
    },
    {
      "name": "CVE-2022-36773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36773"
    },
    {
      "name": "CVE-2021-3807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3807"
    },
    {
      "name": "CVE-2022-29078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29078"
    },
    {
      "name": "CVE-2021-23438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23438"
    },
    {
      "name": "CVE-2021-43797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797"
    },
    {
      "name": "CVE-2022-30614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30614"
    },
    {
      "name": "CVE-2021-44533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44533"
    },
    {
      "name": "CVE-2021-29418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29418"
    },
    {
      "name": "CVE-2020-36518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
    },
    {
      "name": "CVE-2021-39045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39045"
    },
    {
      "name": "CVE-2022-21824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21824"
    },
    {
      "name": "CVE-2022-21803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21803"
    },
    {
      "name": "CVE-2021-39009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39009"
    },
    {
      "name": "CVE-2021-44531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44531"
    },
    {
      "name": "CVE-2021-28918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28918"
    },
    {
      "name": "CVE-2020-28469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
    },
    {
      "name": "CVE-2021-3749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3749"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-785",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-09-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM Cognos\nAnalytics. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Cognos Analytics",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6615285 du 31 ao\u00fbt 2022",
      "url": "https://www.ibm.com/support/pages/node/6615285"
    }
  ]
}

GHSA-6XR5-5RM7-VHMX

Vulnerability from github – Published: 2022-09-02 00:01 – Updated: 2022-09-08 00:00

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-30614"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-01T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 227591.",
  "id": "GHSA-6xr5-5rm7-vhmx",
  "modified": "2022-09-08T00:00:33Z",
  "published": "2022-09-02T00:01:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30614"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/227591"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20221014-0005"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6615285"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2022-62370

Vulnerability from cnvd - Published: 2022-09-08

Title

IBM Cognos Analytics存在未明漏洞（CNVD-2022-62370）

Description

IBM Cognos Analytics是美国IBM公司的一套商业智能软件。该软件包括报表、仪表板和记分卡等，并可通过分析关键因素与关键人等内容，协助企业调整决策。 IBM Cognos Analytics 存在安全漏洞，攻击者可利用盖漏洞通过电子邮件发送特别制作的请求而耗尽服务器CPU资源导致拒绝服务。

Severity

高

Patch Name

IBM Cognos Analytics存在未明漏洞（CNVD-2022-62370）的补丁

Patch Description

IBM Cognos Analytics是美国IBM公司的一套商业智能软件。该软件包括报表、仪表板和记分卡等，并可通过分析关键因素与关键人等内容，协助企业调整决策。 IBM Cognos Analytics 存在安全漏洞，攻击者可利用盖漏洞通过电子邮件发送特别制作的请求而耗尽服务器CPU资源导致拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.ibm.com/support/pages/node/6615285

Reference

https://nvd.nist.gov/vuln/detail/CVE-2022-30614

Impacted products

Name
['IBM Cognos Analytics 11.1.7', 'IBM Cognos Analytics 11.2.0', 'IBM Cognos Analytics 11.2.1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-30614"
    }
  },
  "description": "IBM Cognos Analytics\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u5546\u4e1a\u667a\u80fd\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u5305\u62ec\u62a5\u8868\u3001\u4eea\u8868\u677f\u548c\u8bb0\u5206\u5361\u7b49\uff0c\u5e76\u53ef\u901a\u8fc7\u5206\u6790\u5173\u952e\u56e0\u7d20\u4e0e\u5173\u952e\u4eba\u7b49\u5185\u5bb9\uff0c\u534f\u52a9\u4f01\u4e1a\u8c03\u6574\u51b3\u7b56\u3002\n\nIBM Cognos Analytics \u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u76d6\u6f0f\u6d1e\u901a\u8fc7\u7535\u5b50\u90ae\u4ef6\u53d1\u9001\u7279\u522b\u5236\u4f5c\u7684\u8bf7\u6c42\u800c\u8017\u5c3d\u670d\u52a1\u5668CPU\u8d44\u6e90\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.ibm.com/support/pages/node/6615285",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-62370",
  "openTime": "2022-09-08",
  "patchDescription": "IBM Cognos Analytics\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u5546\u4e1a\u667a\u80fd\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u5305\u62ec\u62a5\u8868\u3001\u4eea\u8868\u677f\u548c\u8bb0\u5206\u5361\u7b49\uff0c\u5e76\u53ef\u901a\u8fc7\u5206\u6790\u5173\u952e\u56e0\u7d20\u4e0e\u5173\u952e\u4eba\u7b49\u5185\u5bb9\uff0c\u534f\u52a9\u4f01\u4e1a\u8c03\u6574\u51b3\u7b56\u3002\r\n\r\nIBM Cognos Analytics \u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u76d6\u6f0f\u6d1e\u901a\u8fc7\u7535\u5b50\u90ae\u4ef6\u53d1\u9001\u7279\u522b\u5236\u4f5c\u7684\u8bf7\u6c42\u800c\u8017\u5c3d\u670d\u52a1\u5668CPU\u8d44\u6e90\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM Cognos Analytics\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2022-62370\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM Cognos Analytics 11.1.7",
      "IBM Cognos Analytics 11.2.0",
      "IBM Cognos Analytics 11.2.1"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2022-30614",
  "serverity": "\u9ad8",
  "submitTime": "2022-09-05",
  "title": "IBM Cognos Analytics\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2022-62370\uff09"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-30614 (GCVE-0-2022-30614)

Solution

Solutions

Solutions

Solution

Tags

Sightings

Nomenclature