CVE-2020-4561

Description

IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote attacker who can access a valid CA endpoint to read and write files to the Cognos Analytics system. IBM X-Force ID: 183903.

CVSS breakdown

CVSS 3.0

Privileges Required

None

Confidentiality

High

Integrity

High

Scope

Changed

Attack Complexity

Low

Availability

High

User Interaction

None

Attack Vector

Network

Unchanged

Changed

Affected products

ibm / cognos_analytics11.0 – 11.0
ibm / cognos_analytics11.1 – 11.1

References

MISChttps://www.ibm.com/support/pages/node/6451705
MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/183903
MISChttps://security.netapp.com/advisory/ntap-20210622-0004/