CVE-2019-4343
Severity: MEDIUM, WAF: Low
CVSS 6.5
Published: 2019-12-30
CWE-863
IBM Cognos Analytics 11.0 and 11.1 allows overly permissive cross-origin resource sharing, which could allow an attacker to transfer private information. An attacker could exploit this vulnerability to access content that should be restricted. IBM X-Force ID: 161422.
WAF Coverage Analysis
Incorrect Authorization
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| ibm | cognos_analytics | 11.0.0 |
| ibm | cognos_analytics | 11.1.0 |
| netapp | oncommand_insight | - |
References
- exchange.xforce.ibmcloud.com (VDB Entry, Vendor Advisory)
- security.netapp.com (Third Party Advisory)
- www.ibm.com (Vendor Advisory)