CyberSec.Space Logo
Back to CVE Browser

CVE-2021-38945

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0750%
EPSS Percentile12.03th
PublishedJun 24, 2022
Last ModifiedNov 21, 2024

Vulnerability Description

IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation. IBM X-Force ID: 211238.

Affected Platforms (CPE)

πŸ“¦
Ibm

Cognos Analytics

>= 11.1.0 and < 11.1.7
πŸ“¦
Ibm

Cognos Analytics

= 11.1.7
πŸ“¦
Ibm

Cognos Analytics

= 11.1.7
πŸ“¦
Ibm

Cognos Analytics

= 11.1.7
πŸ“¦
Ibm

Cognos Analytics

= 11.1.7
πŸ“¦
Ibm

Cognos Analytics

= 11.1.7
πŸ“¦
Ibm

Cognos Analytics

= 11.2.0
πŸ“¦
Ibm

Cognos Analytics

= 11.2.1
πŸ“¦
Netapp

Oncommand Insight

All versions

References & Advisories

πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/211238
πŸ”— https://security.netapp.com/advisory/ntap-20220729-0002/
πŸ”— https://www.ibm.com/support/pages/node/6597241
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/211238
πŸ”— https://security.netapp.com/advisory/ntap-20220729-0002/
πŸ”— https://www.ibm.com/support/pages/node/6597241

Related Vulnerabilities

CVE-2020-456110.0

IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a re...

CVE-2020-45208.8

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that when viewed by the authenticat...

CVE-2018-17218.8

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remot...

CVE-2021-296798.8

IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizaing...