CVE-2024-40703

{"id": "CVE-2024-40703", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-09-22T13:15:10.960", "references": [{"url": "https://www.ibm.com/support/pages/node/7160700", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/support/pages/node/7168038", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive information in the form of an API key. An attacker could use this information to launch further attacks against affected applications."}, {"lang": "es", "value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3 e IBM Cognos Analytics Reports para iOS 11.0.0.7 podr\u00edan permitir que un atacante local obtenga informaci\u00f3n confidencial en forma de una clave API. Un atacante podr\u00eda utilizar esta informaci\u00f3n para lanzar otros ataques contra las aplicaciones afectadas."}], "lastModified": "2024-09-27T16:49:46.177", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66978806-0222-4AC6-B8E3-324154916FFA", "versionEndIncluding": "11.2.3", "versionStartIncluding": "11.2.0"}, {"criteria": "cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A68167C-53E1-4785-A86C-19414F1F25A8", "versionEndExcluding": "12.0.3", "versionStartIncluding": "12.0.0"}, {"criteria": "cpe:2.3:a:ibm:cognos_analytics:11.2.4:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1D81212-AFFE-4A73-AAC1-E558973FC452"}, {"criteria": "cpe:2.3:a:ibm:cognos_analytics:12.0.3:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42EB9F80-DCF1-474F-A5A5-7BC9F0B3BF58"}, {"criteria": "cpe:2.3:a:ibm:cognos_analytics:12.0.3:interim_fix_1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "706340D8-0E0B-4775-B90A-E696CFFB9901"}, {"criteria": "cpe:2.3:a:ibm:cognos_analytics_reports:11.0.0.7:*:*:*:*:iphone_os:*:*", "vulnerable": true, "matchCriteriaId": "A3CC42CE-826A-404F-8BE8-EBE1AE9FEAC0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}