CVE-2018-1721

HIGH

IBM Cognos Analytics - XXE

Title source: rule

Description

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or cause the web server to make HTTP requests to arbitrary domains. IBM X-Force ID: 147369.

References (2)

[Patch, Vendor Advisory] https://www.ibm.com/support/pages/node/1074144

[VDB Entry, Vendor Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/147369

Scores

CVSS v3 8.8

EPSS 0.0046

EPSS Percentile 64.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-91

Status published

Products (2)

ibm/cognos_analytics 11.0.0

ibm/cognos_analytics 11.1.0

Published Nov 09, 2019

Tracked Since Feb 18, 2026