CVE-2023-38359

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Feb 26, 2024

Updated: Dec 17, 2024

CWE ID 79

Summary

CVE-2023-38359 is a cross-site scripting (XSS) vulnerability affecting IBM Cognos Analytics versions 11.1.7, 11.2.4, and 12.0.0. Malicious JavaScript code can be injected into the Web UI, altering its intended functionality. This issue poses a risk of credentials disclosure within a trusted session. IBM's X-Force has assigned ID 260744 to this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

IBM Cognos Analytics

Affected Vendors

IBM Corporation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sAd3CK
https://www.cve.org/CVERecord?id=CVE-2023-38359
https://nvd.nist.gov/vuln/detail/CVE-2023-38359

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Stimmen aus Moskau: Russian Influence Operations Target German Elections

2024 Malicious Infrastructure Report

2024 Annual Report

Know What Matters

For Customers

For Partners