CVE-2022-34339: Medium severity ibm cognos analytics vulnerability
Published Oct 17, 2022
·Updated
"IBM Cognos Analytics 11.2.1, 11.2.0, 11.1.7 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 229963."
Other sources
IBM Cognos Analytics stores user credentials in plain clear text which can be read by an authenticated user.
Affected Software
10 affected components
IBM Cognos Analytics>=11.1.0<11.1.7
IBM Cognos Analytics=11.1.7
IBM Cognos Analytics=11.1.7-fixpack1
IBM Cognos Analytics=11.1.7-fixpack2
IBM Cognos Analytics=11.1.7-fixpack3
IBM Cognos Analytics=11.1.7-fixpack4
IBM Cognos Analytics=11.2.0
IBM Cognos Analytics=11.2.1
IBM Cognos Analytics 11.2.x<=IBM Cognos Analytics 11.2.x
IBM Cognos Analytics 11.1.x<=IBM Cognos Analytics 11.1.x
Remediation
Patch Available
Event History
Oct 17, 2022
CVE Published
12:00 AM
Nov 3, 2022
CVE Published
via MITRE·12:00 AM
Data Sourced
via MITRE·12:00 AM
DescriptionWeakness
Frequently Asked Questions
1
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2022-34339.
2
What is the severity of CVE-2022-34339?
The severity of CVE-2022-34339 is medium (CVSS score: 6.5).
3
Which versions of IBM Cognos Analytics are affected by CVE-2022-34339?
IBM Cognos Analytics versions 11.1.0 to 11.1.7, 11.1.7 Fix Pack 1 to Fix Pack 4, 11.2.0, and 11.2.1 are affected by CVE-2022-34339.
4
How does CVE-2022-34339 impact IBM Cognos Analytics?
CVE-2022-34339 allows an authenticated user to read user credentials stored in plain clear text in IBM Cognos Analytics.
5
Is there a fix available for CVE-2022-34339?
Yes, IBM has released fixes for CVE-2022-34339. Please refer to the IBM Security Bulletin for more information.