2022-10-26 16:00:42 +00:00
{
2022-12-19 21:00:39 +00:00
"data_version" : "4.0" ,
2022-10-26 16:00:42 +00:00
"data_type" : "CVE" ,
"data_format" : "MITRE" ,
"CVE_data_meta" : {
"ID" : "CVE-2022-43887" ,
2022-12-19 21:00:39 +00:00
"ASSIGNER" : "psirt@us.ibm.com" ,
"STATE" : "PUBLIC"
2022-10-26 16:00:42 +00:00
} ,
"description" : {
"description_data" : [
{
"lang" : "eng" ,
2022-12-19 21:00:39 +00:00
"value" : "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to further attacks. IBM X-Force ID: 240450."
}
]
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "CWE-532 Insertion of Sensitive Information into Log File" ,
"cweId" : "CWE-532"
}
]
}
]
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM" ,
"product" : {
"product_data" : [
{
"product_name" : "Cognos Analytics" ,
"version" : {
"version_data" : [
{
"version_value" : "11.1.7, 11.2.0, 11.2.1" ,
"version_affected" : "="
}
]
}
}
]
}
}
]
}
} ,
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6841801" ,
"refsource" : "MISC" ,
"name" : "https://www.ibm.com/support/pages/node/6841801"
} ,
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/240450" ,
"refsource" : "MISC" ,
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/240450"
}
]
} ,
"generator" : {
"engine" : "Vulnogram 0.1.0-dev"
} ,
"source" : {
"discovery" : "UNKNOWN"
} ,
"impact" : {
"cvss" : [
{
"attackComplexity" : "LOW" ,
"attackVector" : "NETWORK" ,
"availabilityImpact" : "NONE" ,
"baseScore" : 5.3 ,
"baseSeverity" : "MEDIUM" ,
"confidentialityImpact" : "LOW" ,
"integrityImpact" : "NONE" ,
"privilegesRequired" : "NONE" ,
"scope" : "UNCHANGED" ,
"userInteraction" : "NONE" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" ,
"version" : "3.1"
2022-10-26 16:00:42 +00:00
}
]
}
}
