Description
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, and/or cause the server to crash when using a specially crafted EL statement.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Affected products
- ibm / cognos_analytics11.2.0 – 11.2.0
- ibm / cognos_analytics11.2.1 – 11.2.1
- ibm / cognos_analytics11.2.2 – 11.2.2
- ibm / cognos_analytics11.2.3 – 11.2.3
- ibm / cognos_analytics11.2.4 – 11.2.4
- ibm / cognos_analytics12.0.0 – 12.0.0
- ibm / cognos_analytics12.0.1 – 12.0.1
- ibm / cognos_analytics12.0.2 – 12.0.2
- ibm / cognos_analytics12.0.3 – 12.0.3
- ibm / cognos_analytics12.0.4 – 12.0.4