Main Vulnerability Database Vulnerabilities #VU99863

#VU99863 Information disclosure in Cognos Analytics Mobile Server - CVE-2022-43383

Published: November 6, 2024

Vulnerability identifier: #VU99863

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-43383

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Cognos Analytics Mobile Server

Software vendor:
IBM Corporation

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to application uses Cross-Origin Resource Sharing (CORS). A local user can carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.

Remediation

Install updates from vendor's website.

External links

https://www.ibm.com/support/pages/node/7172692

#VU99863 Information disclosure in Cognos Analytics Mobile Server - CVE-2022-43383

Description

Remediation

External links

Please verify you're human