CVE-2021-29823: CSRF
Published Sep 1, 2022
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 are vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204465.
Affected Software
10 affected components
IBM Cognos Analytics >=11.1.0 <11.1.7
IBM Cognos Analytics >=11.2.0 <11.2.3
IBM Cognos Analytics =11.1.7
IBM Cognos Analytics =11.1.7-fixpack1
IBM Cognos Analytics =11.1.7-fixpack2
IBM Cognos Analytics =11.1.7-fixpack3
IBM Cognos Analytics =11.1.7-fixpack4
NetApp OnCommand Insight
IBM Cognos Analytics <=11.2.0 - 11.2.2
IBM Cognos Analytics <=11.1.0 - 11.1.6 FP4
Remediation
Patch Available
Event History
Sep 1, 2022
CVE Published
via MITRE · 07:00 PM
Data Sourced
via MITRE · 07:00 PM
Description, Severity, Weakness
Feb 23, 2026
Data Sourced
via IBM · 11:32 PM
Description, Affected Software
Frequently Asked Questions
1. What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-29823.
2. What is the severity of CVE-2021-29823?
CVE-2021-29823 has a severity rating of 6.5 (medium).
3. Which versions of IBM Cognos Analytics are affected by CVE-2021-29823?
IBM Cognos Analytics 11.1.x and 11.2.x are affected by CVE-2021-29823.
4. What is the risk of CVE-2021-29823?
CVE-2021-29823 allows an attacker to execute malicious and unauthorized actions transmitted from a trusted user.
5. Where can I find more information about CVE-2021-29823?
You can find more information about CVE-2021-29823 on the IBM X-Force ID page and the IBM support page.