CVE-2022-34357

IBM Cognos Analytics Mobile Server 11.1.7, 11.2.4, and 12.0.0 is vulnerable to denial of service due to weak or absent rate limiting. By making unlimited HTTP requests, a single user can exhaust server resources over a period of time, making the service unavailable to other legitimate users. IBM X-Force ID: 230510.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 6.5 MEDIUM | NETWORK | LOW | LOW | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| ibm | CNA | 6.5 MEDIUM | NETWORK | LOW | LOW | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| CISA-ADP | ADP | --- | | | | --- |
| CVE | ADP | --- | | | | --- |

EPSS Score Percentile: 15%

| Vendor | Product | Version |
|---|---|---|
| netapp | oncommand_insight | - |
| ibm | cognos_analytics | 11.1.1 ≤ 𝑥 < 11.1.7 |
| ibm | cognos_analytics | 11.2.0 ≤ 𝑥 < 11.2.4 |
| ibm | cognos_analytics | 11.1.7 |
| ibm | cognos_analytics | 11.1.7:fixpack1 |
| ibm | cognos_analytics | 11.1.7:fixpack2 |
| ibm | cognos_analytics | 11.1.7:fixpack3 |
| ibm | cognos_analytics | 11.1.7:fixpack4 |
| ibm | cognos_analytics | 11.1.7:fixpack5 |
| ibm | cognos_analytics | 11.1.7:fixpack6 |
| ibm | cognos_analytics | 11.1.7:fixpack7 |
| ibm | cognos_analytics | 11.2.4 |
| ibm | cognos_analytics | 11.2.4:fixpack1 |
| ibm | cognos_analytics | 11.2.4:fixpack2 |
| ibm | cognos_analytics | 12.0.0 |
| ibm | cognos_analytics | 12.0.1 |

𝑥 = Vulnerable software versions