CVE-2023-25929 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-25929 PUBLISHED CVSS 4.599999904632568 MEDIUM

IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 247861.

EPSS 0.21% · 42.5th percentile

Risk Scores

CVSS v3.1

4.599999904632568

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

EPSS Score

0.21%

42.5th percentile

Affected Products

Vendor	Product	Versions
ibm	cognos_analytics	11.2.4, 11.1.0, 11.2.0
IBM	Cognos Analytics	11.1, 11.2

Timeline

Jul 21, 2023 CVE Published
Jul 22, 2023 EPSS Score
Aug 25, 2023 EPSS Score
Sep 27, 2023 EPSS Score
Oct 31, 2023 EPSS Score
Dec 4, 2023 EPSS Score
Jan 6, 2024 EPSS Score
Feb 9, 2024 EPSS Score
Mar 14, 2024 EPSS Score
Apr 16, 2024 EPSS Score
May 20, 2024 EPSS Score
Jun 23, 2024 EPSS Score

References

https://www.ibm.com/support/pages/node/7012621 vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/247861 vdb
https://security.netapp.com/advisory/ntap-20230814-0005/ url
https://www.ibm.com/support/pages/node/7013143 advisory
https://www.ibm.com/support/pages/node/7011771 advisory
https://www.ibm.com/support/pages/node/7013297 advisory
https://www.ibm.com/support/pages/node/7012711 advisory
https://www.ibm.com/support/pages/node/7012395 advisory
https://nvd.nist.gov/vuln/detail/CVE-2023-25929 advisory
https://security.netapp.com/advisory/ntap-20230814-0005 url

Open in Interactive Console →