CVE-2022-30614: High severity IBM Cognos Analytics vulnerability
Published Sep 1, 2022
·Updated
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 227591.
Affected Software
10 affected components
IBM Cognos Analytics>=11.1.0<11.1.7
IBM Cognos Analytics>=11.2.0<11.2.3
IBM Cognos Analytics=11.1.7
IBM Cognos Analytics=11.1.7-fixpack1
IBM Cognos Analytics=11.1.7-fixpack2
IBM Cognos Analytics=11.1.7-fixpack3
IBM Cognos Analytics=11.1.7-fixpack4
NetApp OnCommand Insight
IBM Cognos Analytics<=11.2.0 - 11.2.2
IBM Cognos Analytics<=11.1.0 - 11.1.6 FP4
Remediation
Patch Available
Event History
Sep 1, 2022
CVE Published
via MITRE·07:00 PM
Data Sourced
via MITRE·07:00 PM
DescriptionSeverityWeakness
Feb 23, 2026
Data Sourced
via IBM·11:32 PM
DescriptionAffected Software
Frequently Asked Questions
1
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2022-30614.
2
What is the severity of CVE-2022-30614?
The severity of CVE-2022-30614 is high.
3
Which versions of IBM Cognos Analytics are affected by CVE-2022-30614?
CVE-2022-30614 affects IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1.
4
How does CVE-2022-30614 impact the server?
CVE-2022-30614 can cause the server to consume all available CPU resources.
5
Are there any mitigation steps available for CVE-2022-30614?
At the moment, there are no specific mitigation steps available for CVE-2022-30614. It is recommended to apply any patches or updates provided by IBM.