CVE-2022-34357: IBM Cognos Analytics Mobile Server denial of service
First published: Sat Feb 24 2024(Updated: )
IBM Cognos Analytics Mobile Server 11.1.7, 11.2.4, and 12.0.0 is vulnerable to Denial of Service due to due to weak or absence of rate limiting. By making unlimited http requests, it is possible for a single user to exhaust server resources over a period of time making service unavailable for other legitimate users. IBM X-Force ID: 230510.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Cognos Analytics | <=12.0.0-12.0.1 | |
| IBM Cognos Analytics | <=11.2.0-11.2.4 FP2 | |
| IBM Cognos Analytics | <=11.1.1-11.1.7 FP7 | |
| NetApp OnCommand Insight | ||
| IBM Cognos Analytics | >=11.1.1<11.1.7 | |
| IBM Cognos Analytics | >=11.2.0<11.2.4 | |
| IBM Cognos Analytics | =11.1.7 | |
| IBM Cognos Analytics | =11.1.7-fixpack1 | |
| IBM Cognos Analytics | =11.1.7-fixpack2 | |
| IBM Cognos Analytics | =11.1.7-fixpack3 | |
| IBM Cognos Analytics | =11.1.7-fixpack4 | |
| IBM Cognos Analytics | =11.1.7-fixpack5 | |
| IBM Cognos Analytics | =11.1.7-fixpack6 | |
| IBM Cognos Analytics | =11.1.7-fixpack7 | |
| IBM Cognos Analytics | =11.2.4 | |
| IBM Cognos Analytics | =11.2.4-fixpack1 | |
| IBM Cognos Analytics | =11.2.4-fixpack2 | |
| IBM Cognos Analytics | =12.0.0 | |
| IBM Cognos Analytics | =12.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-34357?
CVE-2022-34357 has a severity rating that indicates it can lead to Denial of Service due to weak or absent rate limiting.
How do I fix CVE-2022-34357?
To fix CVE-2022-34357, apply the appropriate patches provided by IBM for affected versions of Cognos Analytics.
Which versions are affected by CVE-2022-34357?
Versions 11.1.7, 11.2.4, and 12.0.0 of IBM Cognos Analytics are affected by CVE-2022-34357.
What kind of attack does CVE-2022-34357 allow?
CVE-2022-34357 allows an attacker to perform Denial of Service attacks by making unlimited HTTP requests.
Is there a workaround for CVE-2022-34357 if I can't apply the fix immediately?
A temporary workaround for CVE-2022-34357 may involve implementing rate limiting at the network level until a patch can be applied.
- agent/type
- agent/weakness
- agent/title
- agent/description
- agent/severity
- agent/author
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/first-publish-date
- agent/references
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- agent/trending
- agent/tags
- agent/source
- vendor/ibm
- canonical/ibm cognos analytics
- version/ibm cognos analytics/12.0.0-12.0.1
- version/ibm cognos analytics/11.2.0-11.2.4 fp2
- version/ibm cognos analytics/11.1.1-11.1.7 fp7
- vendor/netapp
- canonical/netapp oncommand insight
- version/ibm cognos analytics/11.1.1
- version/ibm cognos analytics/11.2.0
- version/ibm cognos analytics/11.1.7
- version/ibm cognos analytics/11.1.7-fixpack1
- version/ibm cognos analytics/11.1.7-fixpack2
- version/ibm cognos analytics/11.1.7-fixpack3
- version/ibm cognos analytics/11.1.7-fixpack4
- version/ibm cognos analytics/11.1.7-fixpack5
- version/ibm cognos analytics/11.1.7-fixpack6
- version/ibm cognos analytics/11.1.7-fixpack7
- version/ibm cognos analytics/11.2.4
- version/ibm cognos analytics/11.2.4-fixpack1
- version/ibm cognos analytics/11.2.4-fixpack2
- version/ibm cognos analytics/12.0.0
- version/ibm cognos analytics/12.0.1