What is the severity of CVE-2022-36773?

The severity of CVE-2022-36773 is high with a CVSS score of 8.2.

How does CVE-2022-36773 impact IBM Cognos Analytics?

CVE-2022-36773 allows a remote attacker to obtain sensitive information in IBM Cognos Analytics.

How can an attacker exploit CVE-2022-36773?

An attacker can exploit CVE-2022-36773 by sending a specially-crafted request with an illegal character in a header value.

What is the affected version of IBM Cognos Analytics for CVE-2022-36773?

IBM Cognos Analytics 11.1.x and 11.2.x are affected by CVE-2022-36773.

Are there any fixes or patches available for CVE-2022-36773?

Yes, IBM has released fixes and patches for CVE-2022-36773. Please refer to the vendor's website for more information.

Vulnerability/
CVE-2022-36773

high

8.2

CWE

611

31/8/2022

3/8/2024

CVE-2022-36773: XEE

First published: Wed Aug 31 2022(Updated: )

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233571.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Cognos Analytics 11.2.x	<=IBM Cognos Analytics 11.2.x
IBM Cognos Analytics 11.1.x	<=IBM Cognos Analytics 11.1.x
IBM Cognos Analytics	>=11.1.0<11.1.7
IBM Cognos Analytics	>=11.2.0<11.2.3
IBM Cognos Analytics	=11.1.7
IBM Cognos Analytics	=11.1.7-fixpack1
IBM Cognos Analytics	=11.1.7-fixpack2
IBM Cognos Analytics	=11.1.7-fixpack3
IBM Cognos Analytics	=11.1.7-fixpack4
NetApp OnCommand Insight

Remedy

https://www.ibm.com/support/pages/node/6615285

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6615285

Frequently Asked Questions

What is the severity of CVE-2022-36773?
The severity of CVE-2022-36773 is high with a CVSS score of 8.2.
How does CVE-2022-36773 impact IBM Cognos Analytics?
CVE-2022-36773 allows a remote attacker to obtain sensitive information in IBM Cognos Analytics.
How can an attacker exploit CVE-2022-36773?
An attacker can exploit CVE-2022-36773 by sending a specially-crafted request with an illegal character in a header value.
What is the affected version of IBM Cognos Analytics for CVE-2022-36773?
IBM Cognos Analytics 11.1.x and 11.2.x are affected by CVE-2022-36773.
Are there any fixes or patches available for CVE-2022-36773?
Yes, IBM has released fixes and patches for CVE-2022-36773. Please refer to the vendor's website for more information.

agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/type
collector/nvd-index
agent/software-canonical-lookup-request
agent/severity
agent/remedy
agent/author
agent/references
agent/weakness
agent/description
agent/event
collector/ibm-support
source/IBM
agent/software-canonical-lookup
agent/tags
collector/mitre-cve
source/MITRE
vendor/ibm
canonical/ibm cognos analytics
version/ibm cognos analytics/11.1.0
version/ibm cognos analytics/11.2.0
version/ibm cognos analytics/11.1.7
version/ibm cognos analytics/11.1.7-fixpack1
version/ibm cognos analytics/11.1.7-fixpack2
version/ibm cognos analytics/11.1.7-fixpack3
version/ibm cognos analytics/11.1.7-fixpack4
vendor/netapp
canonical/netapp oncommand insight
canonical/ibm cognos analytics 11.2.x
version/ibm cognos analytics 11.2.x/ibm cognos analytics 11.2.x
canonical/ibm cognos analytics 11.1.x
version/ibm cognos analytics 11.1.x/ibm cognos analytics 11.1.x