Vulnerability Description
IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path. IBM X-Force ID: 255898.
CVSS Score
4.3
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netapp | Oncommand Insight | - |
| Ibm | Cognos Analytics | >= 11.1.1, < 11.1.7 |
Related Weaknesses (CWE)
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/255898VDB EntryVendor Advisory
- https://security.netapp.com/advisory/ntap-20240405-0002/Third Party Advisory
- https://security.netapp.com/advisory/ntap-20240621-0006/Third Party Advisory
- https://www.ibm.com/support/pages/node/7123154Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/255898VDB EntryVendor Advisory
- https://security.netapp.com/advisory/ntap-20240405-0002/Third Party Advisory
- https://security.netapp.com/advisory/ntap-20240621-0006/Third Party Advisory
- https://www.ibm.com/support/pages/node/7123154Vendor Advisory
FAQ
What is CVE-2023-32344?
CVE-2023-32344 is a vulnerability with a CVSS score of 4.3 (MEDIUM). IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path. IBM X-Force ID: 255898.
How severe is CVE-2023-32344?
CVE-2023-32344 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-32344?
Check the references section above for vendor advisories and patch information. Affected products include: Netapp Oncommand Insight, Ibm Cognos Analytics.