What is the vulnerability ID of this vulnerability?

The vulnerability ID of this vulnerability is CVE-2023-35009.

What is the severity level of CVE-2023-35009?

The severity level of CVE-2023-35009 is medium with a severity value of 5.3.

How can a remote attacker exploit CVE-2023-35009?

A remote attacker can exploit CVE-2023-35009 to obtain system information without authentication, which can be used for future attacks.

Which versions of IBM Cognos Analytics are affected by CVE-2023-35009?

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 are affected by CVE-2023-35009.

How do I fix CVE-2023-35009?

To fix CVE-2023-35009, apply the available patches provided by IBM for the affected versions of IBM Cognos Analytics.

Vulnerability/
CVE-2023-35009

medium

5.3

CWE

209

16/8/2023

7/10/2024

CVE-2023-35009: IBM Cognos Analytics information disclosure

First published: Wed Aug 16 2023(Updated: )

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a remote attacker to obtain system information without authentication which could be used in reconnaissance to gather information that could be used for future attacks. IBM X-Force ID: 257703.

Credit: psirt@us.ibm.com psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Cognos Analytics	<=12.0
IBM Cognos Analytics	<=11.2.x
IBM Cognos Analytics	<=11.1.x
IBM Cognos Analytics	>=11.1.0<11.1.7
IBM Cognos Analytics	>=11.2.0<11.2.4
IBM Cognos Analytics	=11.1.7
IBM Cognos Analytics	=11.1.7-interimfix1
IBM Cognos Analytics	=11.1.7-interimfix2
IBM Cognos Analytics	=11.1.7-interimfix3
IBM Cognos Analytics	=11.1.7-interimfix4
IBM Cognos Analytics	=11.1.7-interimfix5
IBM Cognos Analytics	=11.1.7-interimfix6
IBM Cognos Analytics	=11.1.7-interimfix7
IBM Cognos Analytics	=11.1.7-interimfix8
IBM Cognos Analytics	=11.1.7-interimfix9
IBM Cognos Analytics	=11.2.4
IBM Cognos Analytics	=11.2.4-fixpack1

Remedy

https://www.ibm.com/support/pages/node/7026692

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-7026692

Frequently Asked Questions

What is the vulnerability ID of this vulnerability?
The vulnerability ID of this vulnerability is CVE-2023-35009.
What is the severity level of CVE-2023-35009?
The severity level of CVE-2023-35009 is medium with a severity value of 5.3.
How can a remote attacker exploit CVE-2023-35009?
A remote attacker can exploit CVE-2023-35009 to obtain system information without authentication, which can be used for future attacks.
Which versions of IBM Cognos Analytics are affected by CVE-2023-35009?
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 are affected by CVE-2023-35009.
How do I fix CVE-2023-35009?
To fix CVE-2023-35009, apply the available patches provided by IBM for the affected versions of IBM Cognos Analytics.

agent/author
agent/type
agent/last-modified-date
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
agent/remedy
agent/weakness
agent/description
collector/mitre-cve
source/MITRE
agent/references
agent/title
agent/severity
agent/first-publish-date
agent/event
collector/ibm-support
source/IBM
agent/software-canonical-lookup
agent/tags
collector/nvd-api
source/NVD
vendor/ibm
canonical/ibm cognos analytics
version/ibm cognos analytics/11.1.0
version/ibm cognos analytics/11.2.0
version/ibm cognos analytics/11.1.7
version/ibm cognos analytics/11.1.7-interimfix1
version/ibm cognos analytics/11.1.7-interimfix2
version/ibm cognos analytics/11.1.7-interimfix3
version/ibm cognos analytics/11.1.7-interimfix4
version/ibm cognos analytics/11.1.7-interimfix5
version/ibm cognos analytics/11.1.7-interimfix6
version/ibm cognos analytics/11.1.7-interimfix7
version/ibm cognos analytics/11.1.7-interimfix8
version/ibm cognos analytics/11.1.7-interimfix9
version/ibm cognos analytics/11.2.4
version/ibm cognos analytics/11.2.4-fixpack1
version/ibm cognos analytics/12.0
version/ibm cognos analytics/11.2.x
version/ibm cognos analytics/11.1.x