CVE-2022-34357

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-34357
IBM Cognos Analytics Mobile Server 11.1.7, 11.2.4, and 12.0.0 is vulnerable to Denial of Service due to due to weak or absence of rate limiting. By making unlimited http requests, it is possible for a single user to exhaust server resources over a period of time making service unavailable for other legitimate users. IBM X-Force ID: 230510.

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/230510 VDB Entry Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/230510 VDB Entry Vendor Advisory
https://security.netapp.com/advisory/ntap-20240405-0001/ Third Party Advisory
https://security.netapp.com/advisory/ntap-20240405-0001/ Third Party Advisory
https://security.netapp.com/advisory/ntap-20240621-0006/ Third Party Advisory
https://security.netapp.com/advisory/ntap-20240621-0006/ Third Party Advisory
https://www.ibm.com/support/pages/node/7123154 Vendor Advisory
https://www.ibm.com/support/pages/node/7123154 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:ibm:cognos_analytics:11.1.7:-:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack1:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack2:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack3:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack4:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack5:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:11.2.4:-:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack2:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack6:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack7:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack1:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*
History

17 Dec 2024, 16:49

Type Values Removed Values Added
First Time Netapp oncommand Insight
Netapp
Ibm cognos Analytics
Ibm
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.5
CWE CWE-770
References () https://security.netapp.com/advisory/ntap-20240405-0001/ - () https://security.netapp.com/advisory/ntap-20240405-0001/ - Third Party Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/230510 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/230510 - VDB Entry, Vendor Advisory
References () https://security.netapp.com/advisory/ntap-20240621-0006/ - () https://security.netapp.com/advisory/ntap-20240621-0006/ - Third Party Advisory
References () https://www.ibm.com/support/pages/node/7123154 - () https://www.ibm.com/support/pages/node/7123154 - Vendor Advisory
CPE cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack7:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:11.1.7:-:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack6:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack2:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack3:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack2:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack4:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:11.2.4:-:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack1:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack5:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack1:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*

21 Jun 2024, 19:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20240621-0006/ -

05 Apr 2024, 09:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20240405-0001/ -

26 Feb 2024, 16:32

Type Values Removed Values Added
New CVE
Information

Published : 2024-02-26 16:27

Updated : 2024-12-17 16:49

NVD link : CVE-2022-34357

Mitre link : CVE-2022-34357

JSON object : View

Products Affected

netapp

  • oncommand_insight

ibm

  • cognos_analytics
CWE

No CWE.