CVE-2023-28952

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published May 3, 2024

Updated: May 6, 2024

CWE ID 117

Summary

CVE-2023-28952: A critical vulnerability has been identified in IBM Cognos Controller versions 10.4.1, 10.4.2, and 11.0.0. Hackers can exploit this issue by injecting malicious data into application logging. The vulnerability stems from a lack of data sanitization, allowing potentially harmful code to be executed. IBM X-Force has assigned ID 251463 to this security threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

IBM Cognos Controller

Affected Vendors

IBM Corporation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/vu2VTX
https://www.cve.org/CVERecord?id=CVE-2023-28952
https://nvd.nist.gov/vuln/detail/CVE-2023-28952

Back to Vulnerability Database