CVE-2023-32344

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Feb 26, 2024

Updated: Jun 21, 2024

CWE ID 352

Summary

CVE-2023-32344 refers to a form action hijacking vulnerability impacting IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0. Malicious actors can exploit this issue by altering the form action to redirect to unintended paths. This could potentially lead to unauthorized data access or manipulation. IBM's X-Force has assigned ID 255898 to this security threat. This vulnerability poses a significant risk, as it allows attackers to bypass intended access controls. Users are advised to update their Cognos Analytics installations as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uocm1M
https://www.cve.org/CVERecord?id=CVE-2023-32344
https://nvd.nist.gov/vuln/detail/CVE-2023-32344

Back to Vulnerability Database

CVE-2023-32344

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations