CVE-2021-29745: High severity IBM Cognos Analytics vulnerability

Published Oct 15, 2021

Updated

IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to priviledge escalation where a lower evel user could have access to the 'New Job' page to which they should not have access to. IBM X-Force ID: 201695.

Other sources

IBM Cognos Analytics is vulnerable to priviledge escalation where a lower evel user could have access to the 'New Job' page to which they should not have access to.

Affected Software

3 affected components

IBM Cognos Analytics=11.1.7

IBM Cognos Analytics=11.2.0

NetApp OnCommand Insight

Remediation

Patch Available

https://www.ibm.com/support/pages/node/6491661

Event History

Oct 15, 2021

CVE Published

via MITRE·03:55 PM

Data Sourced

via MITRE·03:55 PM

DescriptionSeverityWeakness

Aug 3, 2024

Data Sourced

via IBM·10:19 PM

DescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

IBM-6491661

Frequently Asked Questions

What is CVE-2021-29745?

CVE-2021-29745 is a vulnerability in IBM Cognos Analytics 11.1.7 and 11.2.0 that allows lower-level users to access the 'New Job' page, which they should not have access to.

What is the severity of CVE-2021-29745?

CVE-2021-29745 has a severity score of 8.8, which is considered high.

Which versions of IBM Cognos Analytics are affected by CVE-2021-29745?

IBM Cognos Analytics 11.1.7 and 11.2.0 are affected by CVE-2021-29745.

How can the privilege escalation vulnerability in IBM Cognos Analytics be fixed?

To fix the privilege escalation vulnerability in IBM Cognos Analytics, update to a version that is not affected by the vulnerability.

Where can I find more information about CVE-2021-29745?

You can find more information about CVE-2021-29745 on the IBM X-Force ID page and the IBM support page.