What is the severity of CVE-2021-39009?

The severity of CVE-2021-39009 is medium with a severity value of 5.5.

Which versions of IBM Cognos Analytics are affected by CVE-2021-39009?

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 are affected by CVE-2021-39009.

How can a local privileged user exploit CVE-2021-39009?

A local privileged user can exploit CVE-2021-39009 by reading the plain clear text user credentials stored by IBM Cognos Analytics.

Is there a fix available for CVE-2021-39009?

Yes, IBM has provided fixes for IBM Cognos Analytics versions affected by CVE-2021-39009. Please refer to IBM's support page for more information.

Where can I find more information about CVE-2021-39009?

More information about CVE-2021-39009 can be found on IBM X-Force Exchange and IBM's support pages.

Vulnerability/
CVE-2021-39009

medium

5.5

CWE

312

31/8/2022

1/9/2022

17/9/2024

CVE-2021-39009

First published: Wed Aug 31 2022(Updated: )

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 213554.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Cognos Analytics 11.2.x	<=IBM Cognos Analytics 11.2.x
IBM Cognos Analytics 11.1.x	<=IBM Cognos Analytics 11.1.x
IBM Cognos Analytics	>=11.1.0<11.1.7
IBM Cognos Analytics	>=11.2.0<11.2.3
IBM Cognos Analytics	=11.1.7
IBM Cognos Analytics	=11.1.7-fixpack1
IBM Cognos Analytics	=11.1.7-fixpack2
IBM Cognos Analytics	=11.1.7-fixpack3
IBM Cognos Analytics	=11.1.7-fixpack4
NetApp OnCommand Insight

Remedy

https://www.ibm.com/support/pages/node/6615285

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6615285

Frequently Asked Questions

What is the severity of CVE-2021-39009?
The severity of CVE-2021-39009 is medium with a severity value of 5.5.
Which versions of IBM Cognos Analytics are affected by CVE-2021-39009?
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 are affected by CVE-2021-39009.
How can a local privileged user exploit CVE-2021-39009?
A local privileged user can exploit CVE-2021-39009 by reading the plain clear text user credentials stored by IBM Cognos Analytics.
Is there a fix available for CVE-2021-39009?
Yes, IBM has provided fixes for IBM Cognos Analytics versions affected by CVE-2021-39009. Please refer to IBM's support page for more information.
Where can I find more information about CVE-2021-39009?
More information about CVE-2021-39009 can be found on IBM X-Force Exchange and IBM's support pages.

agent/type
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
collector/nvd-index
agent/software-canonical-lookup-request
agent/severity
agent/remedy
agent/author
agent/references
agent/weakness
agent/description
agent/event
collector/ibm-support
source/IBM
agent/software-canonical-lookup
agent/tags
collector/mitre-cve
source/MITRE
vendor/ibm
canonical/ibm cognos analytics
version/ibm cognos analytics/11.1.0
version/ibm cognos analytics/11.2.0
version/ibm cognos analytics/11.1.7
version/ibm cognos analytics/11.1.7-fixpack1
version/ibm cognos analytics/11.1.7-fixpack2
version/ibm cognos analytics/11.1.7-fixpack3
version/ibm cognos analytics/11.1.7-fixpack4
vendor/netapp
canonical/netapp oncommand insight
canonical/ibm cognos analytics 11.2.x
version/ibm cognos analytics 11.2.x/ibm cognos analytics 11.2.x
canonical/ibm cognos analytics 11.1.x
version/ibm cognos analytics 11.1.x/ibm cognos analytics 11.1.x