CVE-2023-38276: IBM Cognos Dashboards information disclosure
First published: Fri Oct 20 2023(Updated: )
IBM Cognos Dashboards exposes sensitive information in environment variables which could aid in further attacks against the system.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Cognos Dashboards on Cloud Pak for Data | <=4.7.0 | |
| IBM Cognos Dashboards on Cloud Pak for Data | =4.7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-38276.
What is the title of the vulnerability?
The title of the vulnerability is IBM Cognos Dashboards information disclosure.
What is the severity level of CVE-2023-38276?
The severity level of CVE-2023-38276 is medium with a severity value of 5.9.
Which version of IBM Cognos Dashboards on Cloud Pak for Data is affected by this vulnerability?
IBM Cognos Dashboards on Cloud Pak for Data version 4.7.0 is affected by this vulnerability.
How can this vulnerability be exploited?
This vulnerability can be exploited by accessing sensitive information in environment variables, which could aid in further attacks against the system.
- collector/nvd-api
- agent/references
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/weakness
- agent/remedy
- agent/severity
- agent/title
- agent/author
- agent/description
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/ibm
- canonical/ibm cognos dashboards on cloud pak for data
- version/ibm cognos dashboards on cloud pak for data/4.7.0