What is the vulnerability CVE-2022-39160?

The vulnerability CVE-2022-39160 refers to a cross-site scripting vulnerability in IBM Cognos Analytics.

How does the vulnerability CVE-2022-39160 affect IBM Cognos Analytics?

The vulnerability CVE-2022-39160 allows users to embed arbitrary JavaScript code in the Web UI of IBM Cognos Analytics, potentially leading to credentials disclosure within a trusted session.

What is the severity of the vulnerability CVE-2022-39160?

The severity of the vulnerability CVE-2022-39160 is medium with a CVSS score of 6.1.

Which versions of IBM Cognos Analytics are affected by the vulnerability CVE-2022-39160?

IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are affected by the vulnerability CVE-2022-39160.

How can I fix the vulnerability CVE-2022-39160 in IBM Cognos Analytics?

To fix the vulnerability CVE-2022-39160 in IBM Cognos Analytics, apply the patch provided by IBM. For more details, refer to the IBM support page.

Vulnerability/
CVE-2022-39160

medium

6.1

CWE

16/12/2022

19/12/2022

3/8/2024

CVE-2022-39160: IBM Cognos Analytics cross-site scripting

First published: Fri Dec 16 2022(Updated: )

IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 235064.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Cognos Analytics	<=11.2.x
IBM Cognos Analytics	<=11.1.x
IBM Cognos Analytics	>=11.1.0<11.1.7
IBM Cognos Analytics	>=11.2.0<=11.2.3
IBM Cognos Analytics	=11.1.7
IBM Cognos Analytics	=11.1.7-fixpack1
IBM Cognos Analytics	=11.1.7-fixpack2
IBM Cognos Analytics	=11.1.7-fixpack3
IBM Cognos Analytics	=11.1.7-fixpack4
IBM Cognos Analytics	=11.1.7-fixpack5

Remedy

https://www.ibm.com/support/pages/node/6841801

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6841801

Frequently Asked Questions

What is the vulnerability CVE-2022-39160?
The vulnerability CVE-2022-39160 refers to a cross-site scripting vulnerability in IBM Cognos Analytics.
How does the vulnerability CVE-2022-39160 affect IBM Cognos Analytics?
The vulnerability CVE-2022-39160 allows users to embed arbitrary JavaScript code in the Web UI of IBM Cognos Analytics, potentially leading to credentials disclosure within a trusted session.
What is the severity of the vulnerability CVE-2022-39160?
The severity of the vulnerability CVE-2022-39160 is medium with a CVSS score of 6.1.
Which versions of IBM Cognos Analytics are affected by the vulnerability CVE-2022-39160?
IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are affected by the vulnerability CVE-2022-39160.
How can I fix the vulnerability CVE-2022-39160 in IBM Cognos Analytics?
To fix the vulnerability CVE-2022-39160 in IBM Cognos Analytics, apply the patch provided by IBM. For more details, refer to the IBM support page.

agent/references
agent/type
agent/softwarecombine
agent/first-publish-date
collector/nvd-index
agent/software-canonical-lookup-request
agent/remedy
agent/author
agent/weakness
collector/ibm-support
source/IBM
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/title
agent/tags
agent/event
agent/description
vendor/ibm
canonical/ibm cognos analytics
version/ibm cognos analytics/11.1.0
version/ibm cognos analytics/11.2.0
version/ibm cognos analytics/11.2.3
version/ibm cognos analytics/11.1.7
version/ibm cognos analytics/11.1.7-fixpack1
version/ibm cognos analytics/11.1.7-fixpack2
version/ibm cognos analytics/11.1.7-fixpack3
version/ibm cognos analytics/11.1.7-fixpack4
version/ibm cognos analytics/11.1.7-fixpack5
version/ibm cognos analytics/11.2.x
version/ibm cognos analytics/11.1.x