CVE-2021-39009: Medium severity IBM Cognos Analytics vulnerability
Published Sep 1, 2022
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in clear text, which can be read by a local privileged user. IBM X-Force ID: 213554.
Affected Software
10 affected components
IBM Cognos Analytics >=11.1.0 <11.1.7
IBM Cognos Analytics >=11.2.0 <11.2.3
IBM Cognos Analytics =11.1.7
IBM Cognos Analytics =11.1.7-fixpack1
IBM Cognos Analytics =11.1.7-fixpack2
IBM Cognos Analytics =11.1.7-fixpack3
IBM Cognos Analytics =11.1.7-fixpack4
NetApp OnCommand Insight
IBM Cognos Analytics <=11.2.0 - 11.2.2
IBM Cognos Analytics <=11.1.0 - 11.1.6 FP4
Remediation
Patch Available
Event History
Sep 1, 2022
CVE Published via MITRE, 07:00 PM
Data Sourced via MITRE, 07:00 PM
Description, Severity, Weakness
Feb 23, 2026
Data Sourced via IBM, 11:32 PM
Description, Affected Software
Frequently Asked Questions
1. What is the severity of CVE-2021-39009?
The severity of CVE-2021-39009 is medium with a severity value of 5.5.
2. Which versions of IBM Cognos Analytics are affected by CVE-2021-39009?
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 are affected by CVE-2021-39009.
3. How can a local privileged user exploit CVE-2021-39009?
A local privileged user can exploit CVE-2021-39009 by reading the user credentials that IBM Cognos Analytics stores in clear text.
4. Is there a fix available for CVE-2021-39009?
Yes, IBM has provided fixes for IBM Cognos Analytics versions affected by CVE-2021-39009. Please refer to IBM's support page for more information.
5. Where can I find more information about CVE-2021-39009?
More information about CVE-2021-39009 can be found on IBM X-Force Exchange and IBM's support pages.