CVE-2022-43887 MEDIUM

CVE-2022-43887: IBM Cognos Analytics information disclosure

Vendor IBM
Product Cognos Analytics
Weakness CWE-532 · Sensitive info in logs
Published December 19, 2022
Last update April 17, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to further attacks. IBM X-Force ID: 240450.

Key dates

02 Disclosure timeline

December 19, 2022 CVE published
April 17, 2025 Record updated