CVE-2023-35011 MEDIUM

CVE-2023-35011: IBM Cognos Analytics server-side request forgey

Vendor Ibm

Product Cognos Analytics

Weakness CWE-918 · SSRF

Published August 16, 2023

Last update February 13, 2025

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 257705.

Key dates

02Disclosure timeline

August 16, 2023 CVE published

February 13, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-35011

Related vulnerabilities

04Related CVE

CVE-2023-47116 Label Studio SSRF on Import Bypassing `SSRF_PROTECTION_ENABLED` Protections CVE-2023-41339 Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF in GeoServer CVE-2026-49328 Apache Fesod (Incubating): Improper validation of user-supplied URLs leading to SSRF CVE-2025-49983 WordPress WPThumb plugin <= 0.10 - Server Side Request Forgery (SSRF) Vulnerability CVE-2023-50733 A Server-Side Request Forgery (SSRF) vulnerability exists in newer Lexmark devices.