CVE-2022-43887

{"id": "CVE-2022-43887", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2022-12-19T21:15:10.420", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/240450", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/support/pages/node/6841801", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/240450", "tags": ["VDB Entry", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.ibm.com/support/pages/node/6841801", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-532"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "\nIBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to further attacks. IBM X-Force ID: 240450.\n\n"}, {"lang": "es", "value": "IBM Cognos Analytics 11.1.7, 11.2.0 y 11.2.1 podr\u00edan ser vulnerables a la exposici\u00f3n de informaci\u00f3n confidencial al pasar claves API a archivos de registro. Si estas claves contienen informaci\u00f3n confidencial, podr\u00edan provocar m\u00e1s ataques. ID de IBM X-Force: 240450."}], "lastModified": "2024-11-21T07:27:19.513", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89AC2F63-02F5-449F-A66C-24AAFA34ED98", "versionEndExcluding": "11.1.7", "versionStartIncluding": "11.1.0"}, {"criteria": "cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66978806-0222-4AC6-B8E3-324154916FFA", "versionEndIncluding": "11.2.3", "versionStartIncluding": "11.2.0"}, {"criteria": "cpe:2.3:a:ibm:cognos_analytics:11.1.7:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6680448A-C3B3-4FEE-A500-974681D3E731"}, {"criteria": "cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2E66D31-A2CC-4F06-89D3-9A881EADE0FD"}, {"criteria": "cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A76630E7-2DEB-4992-A671-85729B80E46B"}, {"criteria": "cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38BDC609-EA7D-4C15-868A-EC8D8FFD3AF9"}, {"criteria": "cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCF5213D-4BB1-4109-8B1B-5CA129819692"}, {"criteria": "cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3F972B5-E6C3-4D95-8C61-B9F90C1BAC36"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}