CVE-2022-43887
Severity CVSS v4.0:
Pending analysis
Type:
CWE-532
Information Exposure Through Log Files
Publication date:
19/12/2022
Last modified:
07/11/2023
Description
<br />
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to further attacks. IBM X-Force ID: 240450.<br />
<br />
Impact
Base Score 3.x
5.30
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:* | 11.1.0 (including) | 11.1.7 (excluding) |
| cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:* | 11.2.0 (including) | 11.2.3 (including) |
| cpe:2.3:a:ibm:cognos_analytics:11.1.7:-:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack1:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack2:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack3:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack4:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack5:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page