{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-36773", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "datePublished": "2022-09-01T19:00:29.851Z", "dateUpdated": "2024-09-16T19:40:32.329Z", "dateReserved": "2022-07-26T00:00:00.000Z"}, "containers": {"cna": {"datePublic": "2022-08-31T00:00:00.000Z", "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2022-10-14T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233571."}], "affected": [{"vendor": "IBM", "product": "Cognos Analytics", "versions": [{"version": "11.2.0", "status": "affected"}, {"version": "11.1.7", "status": "affected"}, {"version": "11.2.1", "status": "affected"}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/6615285"}, {"name": "ibm-cognos-cve202236773-xxe (233571)", "tags": ["vdb-entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/233571"}, {"url": "https://security.netapp.com/advisory/ntap-20221014-0005/"}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AC:L/I:N/AV:N/C:H/A:L/UI:N/S:U/PR:L/RC:C/RL:O/E:U", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "baseScore": 7.1, "temporalScore": 6.2, "baseSeverity": "HIGH", "temporalSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "text", "description": "Obtain Information", "lang": "en"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:14:28.369Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.ibm.com/support/pages/node/6615285", "tags": ["x_transferred"]}, {"name": "ibm-cognos-cve202236773-xxe (233571)", "tags": ["vdb-entry", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/233571"}, {"url": "https://security.netapp.com/advisory/ntap-20221014-0005/", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "89AC2F63-02F5-449F-A66C-24AAFA34ED98", "versionEndExcluding": "11.1.7", "versionStartIncluding": "11.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "820F9237-E014-43DC-9AEB-9FA97FA52E5E", "versionEndExcluding": "11.2.3", "versionStartIncluding": "11.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cognos_analytics:11.1.7:-:*:*:*:*:*:*", "matchCriteriaId": "6680448A-C3B3-4FEE-A500-974681D3E731", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack1:*:*:*:*:*:*", "matchCriteriaId": "A2E66D31-A2CC-4F06-89D3-9A881EADE0FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack2:*:*:*:*:*:*", "matchCriteriaId": "A76630E7-2DEB-4992-A671-85729B80E46B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack3:*:*:*:*:*:*", "matchCriteriaId": "38BDC609-EA7D-4C15-868A-EC8D8FFD3AF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack4:*:*:*:*:*:*", "matchCriteriaId": "BCF5213D-4BB1-4109-8B1B-5CA129819692", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233571."}, {"lang": "es", "value": "IBM Cognos Analytics versiones 11.1.7, 11.2.0 y 11.2.1 es vulnerable a un ataque de tipo XML External Entity Injection (XXE) cuando son procesados datos XML. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad para exponer informaci\u00f3n confidencial o consumir recursos de memoria. IBM X-Force ID: 233571"}], "id": "CVE-2022-36773", "lastModified": "2024-11-21T07:13:40.440", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "psirt@us.ibm.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-01T19:15:12.587", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/233571"}, {"source": "psirt@us.ibm.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20221014-0005/"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6615285"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/233571"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20221014-0005/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6615285"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-611"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}