CVE-2022-34357 MEDIUM

CVE-2022-34357: IBM Cognos Analytics Mobile Server denial of service

Vendor Ibm
Product Cognos Analytics
Weakness CWE-770 · Uncontrolled resource consumption
Published February 24, 2024
Last update February 13, 2025

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

IBM Cognos Analytics Mobile Server 11.1.7, 11.2.4, and 12.0.0 is vulnerable to Denial of Service due to due to weak or absence of rate limiting. By making unlimited http requests, it is possible for a single user to exhaust server resources over a period of time making service unavailable for other legitimate users. IBM X-Force ID: 230510.

Key dates

02Disclosure timeline

February 24, 2024 CVE published
February 13, 2025 Record updated