CVE-2024-40703

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive information in the form of an API key. An attacker could use this information to launch further attacks against affected applications.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7160700	Patch Vendor Advisory
https://www.ibm.com/support/pages/node/7168038	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:cognos_analytics::::::::
	cpe:2.3:a:ibm:cognos_analytics::::::::
	cpe:2.3:a:ibm:cognos_analytics:11.2.4:-::::::
	cpe:2.3:a:ibm:cognos_analytics:12.0.3:-::::::
	cpe:2.3:a:ibm:cognos_analytics:12.0.3:interim_fix_1::::::
	cpe:2.3:a:ibm:cognos_analytics_reports:11.0.0.7:::::iphone_os::

History

No history.

Information

Published : 2024-09-22 13:15

Updated : 2024-09-27 16:49

NVD link : CVE-2024-40703

Mitre link : CVE-2024-40703

CVE.ORG link : CVE-2024-40703

JSON object : View

Products Affected

ibm

cognos_analytics
cognos_analytics_reports

CWE

CWE-522

Insufficiently Protected Credentials

{"id": "CVE-2024-40703", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-09-22T13:15:10.960", "references": [{"url": "https://www.ibm.com/support/pages/node/7160700", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/support/pages/node/7168038", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive information in the form of an API key. An attacker could use this information to launch further attacks against affected applications."}, {"lang": "es", "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3 e IBM Cognos Analytics Reports para iOS 11.0.0.7 podr\u00edan permitir que un atacante local obtenga informaci\u00f3n confidencial en forma de una clave API. Un atacante podr\u00eda utilizar esta informaci\u00f3n para lanzar otros ataques contra las aplicaciones afectadas."}], "lastModified": "2024-09-27T16:49:46.177", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66978806-0222-4AC6-B8E3-324154916FFA", "versionEndIncluding": "11.2.3", "versionStartIncluding": "11.2.0"}, {"criteria": "cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A68167C-53E1-4785-A86C-19414F1F25A8", "versionEndExcluding": "12.0.3", "versionStartIncluding": "12.0.0"}, {"criteria": "cpe:2.3:a:ibm:cognos_analytics:11.2.4:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1D81212-AFFE-4A73-AAC1-E558973FC452"}, {"criteria": "cpe:2.3:a:ibm:cognos_analytics:12.0.3:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42EB9F80-DCF1-474F-A5A5-7BC9F0B3BF58"}, {"criteria": "cpe:2.3:a:ibm:cognos_analytics:12.0.3:interim_fix_1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "706340D8-0E0B-4775-B90A-E696CFFB9901"}, {"criteria": "cpe:2.3:a:ibm:cognos_analytics_reports:11.0.0.7:*:*:*:*:iphone_os:*:*", "vulnerable": true, "matchCriteriaId": "A3CC42CE-826A-404F-8BE8-EBE1AE9FEAC0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}