CVE-2020-4301: CSRF
Published Sep 1, 2022
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 are vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176609.
Affected Software
10 affected components
IBM Cognos Analytics >=11.1.0 <11.1.7
IBM Cognos Analytics >=11.2.0 <11.2.3
IBM Cognos Analytics =11.1.7
IBM Cognos Analytics =11.1.7-fixpack1
IBM Cognos Analytics =11.1.7-fixpack2
IBM Cognos Analytics =11.1.7-fixpack3
IBM Cognos Analytics =11.1.7-fixpack4
NetApp OnCommand Insight
IBM Cognos Analytics <=11.2.0 - 11.2.2
IBM Cognos Analytics <=11.1.0 - 11.1.6 FP4
Remediation
Patch Available
Event History
Sep 1, 2022
CVE Published (via MITRE, 07:00 PM)
Data Sourced (via MITRE, 07:00 PM)
Description, Severity, Weakness
Feb 23, 2026
Data Sourced (via IBM, 11:32 PM)
Description, Affected Software
Frequently Asked Questions
1. What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-4301.
2. What is the severity of CVE-2020-4301?
CVE-2020-4301 has a severity rating of 6.5 (medium).
3. Which products of IBM Cognos Analytics are affected?
IBM Cognos Analytics 11.1.x and 11.2.x versions are affected.
4. How can an attacker exploit this vulnerability?
An attacker can exploit this vulnerability by performing cross-site request forgery attacks.
5. Are there any patches or fixes available for the vulnerability?
Yes, IBM has provided fixes for this vulnerability. Please refer to the IBM support page for more information.