CVE-2021-29745 — Vulnetix

CVE-2021-29745 PUBLISHED CVSS 5.400000095367432 MEDIUM

IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to priviledge escalation where a lower evel user could have access to the 'New Job' page to which they should not have access to. IBM X-Force ID: 201695.

EPSS 0.24% · 47.5th percentile

Risk Scores

CVSS 3.0

5.400000095367432

CVSS:3.0/PR:L/AV:N/S:U/A:N/UI:N/I:L/C:L/AC:L/RC:C/E:U/RL:O

EPSS Score

0.24%

47.5th percentile

Affected Products

Vendor	Product	Versions
netapp	oncommand_insight
ibm	cognos_analytics	11.2.0, 11.1.7
IBM	Cognos Analytics	11.2.0, 11.1.7

Exploit Intelligence

https://www.ibm.com/support/pages/node/6491661 (circl)
ibm-cognos-cve202129745-priv-escalation (201695) (circl)
https://security.netapp.com/advisory/ntap-20211112-0005/ (circl)

Timeline

Oct 15, 2021 CVE Published
Oct 16, 2021 EPSS Score
Oct 22, 2021 EPSS Score
Nov 12, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Feb 6, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Apr 3, 2022 EPSS Score
Jul 26, 2022 EPSS Score
Sep 20, 2022 EPSS Score
Nov 16, 2022 EPSS Score

References

https://www.ibm.com/support/pages/node/6491661 url
ibm-cognos-cve202129745-priv-escalation (201695) vdb
https://security.netapp.com/advisory/ntap-20211112-0005/ url
https://www.ibm.com/support/pages/node/6493729 advisory
https://nvd.nist.gov/vuln/detail/CVE-2021-29745 advisory
https://security.netapp.com/advisory/ntap-20211112-0005 url

Open in Interactive Console →