CVE-2023-38735: IBM Cognos Dashboards improper authentication
First published: Fri Oct 20 2023(Updated: )
IBM Cognos Dashboards could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Cognos Dashboards on Cloud Pak for Data | =4.7.0 | |
| <=4.7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-38735.
What is the severity level of CVE-2023-38735?
The severity level of CVE-2023-38735 is medium (5.7).
What is the affected software version?
The affected software version is IBM Cognos Dashboards on Cloud Pak for Data 4.7.0.
How can an attacker exploit this vulnerability?
An attacker could exploit this vulnerability by redirecting a victim to a phishing site.
Is there a fix available for this vulnerability?
Please refer to the official IBM support page for information on available fixes and patches.
- collector/nvd-api
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/last-modified-date
- agent/remedy
- agent/author
- agent/weakness
- agent/description
- agent/softwarecombine
- agent/tags
- agent/event
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- vendor/ibm
- canonical/ibm cognos dashboards on cloud pak for data
- version/ibm cognos dashboards on cloud pak for data/4.7.0