What is the severity of CVE-2023-28530?

The severity of CVE-2023-28530 is medium with a CVSS score of 5.4.

How does CVE-2023-28530 affect IBM Cognos Analytics?

CVE-2023-28530 affects IBM Cognos Analytics versions 11.1 and 11.2.

What is the vulnerability in IBM Cognos Analytics?

The vulnerability in IBM Cognos Analytics is stored cross-site scripting (XSS) caused by improper validation of SVG Files in Custom Visualizations.

How can I fix CVE-2023-28530 in IBM Cognos Analytics?

To fix CVE-2023-28530 in IBM Cognos Analytics, apply the relevant patches provided by IBM.

Vulnerability/
CVE-2023-28530

medium

5.4

CWE

19/7/2023

22/7/2023

21/10/2024

CVE-2023-28530: IBM Cognos Analytics cross-site scripting

Q: How can a remote attacker exploit CVE-2023-28530?

A remote attacker can exploit CVE-2023-28530 to execute scripts in a victim's web browser within the security context of the hosting website.

First published: Wed Jul 19 2023(Updated: )

IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG Files in Custom Visualizations. A remote attacker could exploit this vulnerability to execute scripts in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 251214.

Credit: psirt@us.ibm.com psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Cognos Analytics	<=11.2.x
IBM Cognos Analytics	<=11.1.x
IBM Cognos Analytics	>=11.1.0<11.1.7
IBM Cognos Analytics	>=11.2.0<11.2.4
IBM Cognos Analytics	=11.1.7
IBM Cognos Analytics	=11.1.7-fixpack1
IBM Cognos Analytics	=11.1.7-fixpack2
IBM Cognos Analytics	=11.1.7-fixpack3
IBM Cognos Analytics	=11.1.7-fixpack4
IBM Cognos Analytics	=11.1.7-fixpack5
IBM Cognos Analytics	=11.1.7-fixpack6
IBM Cognos Analytics	=11.2.4
IBM Cognos Analytics	=11.2.4-fixpack1

Remedy

https://www.ibm.com/support/pages/node/7012621

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-7012621

Frequently Asked Questions

What is the severity of CVE-2023-28530?
The severity of CVE-2023-28530 is medium with a CVSS score of 5.4.
How does CVE-2023-28530 affect IBM Cognos Analytics?
CVE-2023-28530 affects IBM Cognos Analytics versions 11.1 and 11.2.
What is the vulnerability in IBM Cognos Analytics?
The vulnerability in IBM Cognos Analytics is stored cross-site scripting (XSS) caused by improper validation of SVG Files in Custom Visualizations.
How can a remote attacker exploit CVE-2023-28530?
A remote attacker can exploit CVE-2023-28530 to execute scripts in a victim's web browser within the security context of the hosting website.
How can I fix CVE-2023-28530 in IBM Cognos Analytics?
To fix CVE-2023-28530 in IBM Cognos Analytics, apply the relevant patches provided by IBM.

agent/softwarecombine
agent/first-publish-date
agent/type
agent/author
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-api
collector/nvd-latest
agent/severity
agent/remedy
agent/references
agent/weakness
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/title
agent/event
agent/tags
collector/ibm-support
source/IBM
agent/software-canonical-lookup
vendor/ibm
canonical/ibm cognos analytics
version/ibm cognos analytics/11.1.0
version/ibm cognos analytics/11.2.0
version/ibm cognos analytics/11.1.7
version/ibm cognos analytics/11.1.7-fixpack1
version/ibm cognos analytics/11.1.7-fixpack2
version/ibm cognos analytics/11.1.7-fixpack3
version/ibm cognos analytics/11.1.7-fixpack4
version/ibm cognos analytics/11.1.7-fixpack5
version/ibm cognos analytics/11.1.7-fixpack6
version/ibm cognos analytics/11.2.4
version/ibm cognos analytics/11.2.4-fixpack1
version/ibm cognos analytics/11.2.x
version/ibm cognos analytics/11.1.x