Description
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizing user-controlled input that could be interpreted as a server-side include (SSI) directive. IBM X-Force ID: 199915.
CVSS breakdown
CVSS 3.0
- Privileges Required: Low
- Attack Vector: Network
- Scope: Unchanged
- Availability: High
- User Interaction: None
- Integrity: High
- Attack Complexity: Low
- Confidentiality: High
- E: Unchanged
- RL: O
- RC: Changed
Affected products
- ibm / cognos_analytics 11.2.0 – 11.2.0
- ibm / cognos_analytics 11.1.7 – 11.1.7