CVE-2021-20464

MEDIUM

IBM Cognos Analytics <11.2.0 - DoS

Title source: llm

Description

IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. IBM X-Force ID: 196813.

References (3)

[Patch, Vendor Advisory] https://www.ibm.com/support/pages/node/6570957

[VDB Entry, Vendor Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/196813

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20220602-0003/

Scores

CVSS v3 6.5

EPSS 0.0033

EPSS Percentile 55.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-776

Status published

Products (4)

ibm/cognos_analytics 11.1.7

ibm/cognos_analytics 11.2.0

ibm/cognos_analytics 11.2.1

netapp/oncommand_insight

Published Apr 22, 2022

Tracked Since Feb 18, 2026