CVE-2021-29679: Code Injection
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizing user-controlled input that could be interpreted as a server-side include (SSI) directive. IBM X-Force ID: 199915.
Other sources
IBM Cognos Analytics could allow an authenticated user to execute code remotely due to incorrectly neutralizing user-controlled input that could be interpreted as a server-side include (SSI) directive.
Affected Software
Remediation
Patch Available
Event History
Frequently Asked Questions
What is the vulnerability ID for this security issue?
The vulnerability ID for this security issue is CVE-2021-29679.
What is the severity level of CVE-2021-29679?
The severity level of CVE-2021-29679 is high with a CVSS score of 8.8.
Which software versions are affected by CVE-2021-29679?
IBM Cognos Analytics versions 11.1.7 and 11.2.0 are affected by CVE-2021-29679.
How can an authenticated user exploit CVE-2021-29679?
CVE-2021-29679 allows an authenticated user to execute code remotely because user-controlled input is incorrectly neutralized and could be interpreted as a server-side include (SSI) directive.
Where can I find more information about CVE-2021-29679?
You can find more information about CVE-2021-29679 on the IBM X-Force ID page (https://exchange.xforce.ibmcloud.com/vulnerabilities/199915) and the IBM support page (https://www.ibm.com/support/pages/node/6491661).