What is the vulnerability ID for this vulnerability?

The vulnerability ID for this vulnerability is CVE-2023-25929.

What is the severity of CVE-2023-25929?

The severity of CVE-2023-25929 is medium (5.4).

Which software is affected by CVE-2023-25929?

IBM Cognos Analytics 11.1 and 11.2 are affected by CVE-2023-25929.

How can I fix CVE-2023-25929?

You can fix CVE-2023-25929 by applying the appropriate patches provided by IBM. Please refer to the IBM support page for more information.

Are there any references for CVE-2023-25929?

Yes, you can find references for CVE-2023-25929 at the following links: - [IBM X-Force ID: 247861](https://exchange.xforce.ibmcloud.com/vulnerabilities/247861) - [IBM X-Force ID: 212233](https://exchange.xforce.ibmcloud.com/vulnerabilities/212233) - [IBM Support Page](https://www.ibm.com/support/pages/node/7012621)

Vulnerability/
CVE-2023-25929

medium

5.4

CWE

20 79

19/7/2023

22/7/2023

21/10/2024

CVE-2023-25929: IBM Cognos Analytics cross-site scripting

First published: Wed Jul 19 2023(Updated: )

d3-color is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted string that starts with the letter 'A' to the rgb() and hrc() functions, a remote attacker could exploit this vulnerability to cause a regular expression denial of service.

Credit: psirt@us.ibm.com psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Cognos Analytics	<=11.2.x
IBM Cognos Analytics	<=11.1.x
IBM Cognos Analytics	>=11.1.0<11.1.7
IBM Cognos Analytics	>=11.2.0<11.2.4
IBM Cognos Analytics	=11.1.7
IBM Cognos Analytics	=11.1.7-fixpack1
IBM Cognos Analytics	=11.1.7-fixpack2
IBM Cognos Analytics	=11.1.7-fixpack3
IBM Cognos Analytics	=11.1.7-fixpack4
IBM Cognos Analytics	=11.1.7-fixpack5
IBM Cognos Analytics	=11.1.7-fixpack6
IBM Cognos Analytics	=11.2.4
IBM Cognos Analytics	=11.2.4-fixpack1

Remedy

https://www.ibm.com/support/pages/node/7012621

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-7012621

Frequently Asked Questions

What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2023-25929.
What is the severity of CVE-2023-25929?
The severity of CVE-2023-25929 is medium (5.4).
Which software is affected by CVE-2023-25929?
IBM Cognos Analytics 11.1 and 11.2 are affected by CVE-2023-25929.
How can I fix CVE-2023-25929?
You can fix CVE-2023-25929 by applying the appropriate patches provided by IBM. Please refer to the IBM support page for more information.
Are there any references for CVE-2023-25929?
Yes, you can find references for CVE-2023-25929 at the following links: - [IBM X-Force ID: 247861](https://exchange.xforce.ibmcloud.com/vulnerabilities/247861) - [IBM X-Force ID: 212233](https://exchange.xforce.ibmcloud.com/vulnerabilities/212233) - [IBM Support Page](https://www.ibm.com/support/pages/node/7012621)

agent/author
agent/type
agent/softwarecombine
agent/first-publish-date
collector/nvd-latest
agent/software-canonical-lookup-request
collector/nvd-index
collector/nvd-api
agent/remedy
agent/references
agent/weakness
agent/description
collector/mitre-cve
source/MITRE
agent/severity
agent/title
agent/last-modified-date
agent/event
agent/tags
collector/ibm-support
source/IBM
agent/software-canonical-lookup
vendor/ibm
canonical/ibm cognos analytics
version/ibm cognos analytics/11.1.7
version/ibm cognos analytics/11.1.0
version/ibm cognos analytics/11.1.7-fixpack1
version/ibm cognos analytics/11.1.7-fixpack2
version/ibm cognos analytics/11.1.7-fixpack3
version/ibm cognos analytics/11.1.7-fixpack4
version/ibm cognos analytics/11.1.7-fixpack5
version/ibm cognos analytics/11.1.7-fixpack6
version/ibm cognos analytics/11.2.4-fixpack1
version/ibm cognos analytics/11.2.4
version/ibm cognos analytics/11.2.0
version/ibm cognos analytics/11.2.x
version/ibm cognos analytics/11.1.x