CVE-2021-20468: CSRF
Published Sep 1, 2022
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 are vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 196825.
Affected Software
10 affected components
IBM Cognos Analytics >=11.1.0 <11.1.7
IBM Cognos Analytics >=11.2.0 <11.2.3
IBM Cognos Analytics =11.1.7
IBM Cognos Analytics =11.1.7-fixpack1
IBM Cognos Analytics =11.1.7-fixpack2
IBM Cognos Analytics =11.1.7-fixpack3
IBM Cognos Analytics =11.1.7-fixpack4
NetApp OnCommand Insight
IBM Cognos Analytics <=11.2.0 - 11.2.2
IBM Cognos Analytics <=11.1.0 - 11.1.6 FP4
Remediation
Patch Available
Event History
Sep 1, 2022
CVE Published via MITRE · 07:00 PM
Data Sourced via MITRE · 07:00 PM (Description, Severity, Weakness)
Feb 23, 2026
Data Sourced via IBM · 11:32 PM (Description, Affected Software)
Frequently Asked Questions
1. What is the vulnerability ID?
The vulnerability ID is CVE-2021-20468.
2. What is the severity of CVE-2021-20468?
The severity of CVE-2021-20468 is medium.
3. Which versions of IBM Cognos Analytics are affected by CVE-2021-20468?
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 are affected by CVE-2021-20468.
4. How can an attacker exploit CVE-2021-20468?
CVE-2021-20468 is a cross-site request forgery: it could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
5. Where can I find more information about CVE-2021-20468?
You can find more information about CVE-2021-20468 on the IBM X-Force ID page (https://exchange.xforce.ibmcloud.com/vulnerabilities/196825) and the IBM support page (https://www.ibm.com/support/pages/node/6615285).