CVE-2021-20470

HIGH

IBM Cognos Analytics <11.2.0 - Info Disclosure

Description

IBM Cognos Analytics 11.1.7 and 11.2.0 do not require users to have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196339.

References (3)

Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6520510
VDB Entry, Vendor Advisory vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/196939
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20211223-0006/

Scores

CVSS v3 7.5
EPSS 0.0138
EPSS Percentile 68.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-521
Status published
Products (4)
ibm/cognos_analytics 11.1.7 (4 CPE variants)
ibm/cognos_analytics 11.2.0
ibm/cognos_analytics 11.1.0 - 11.1.7
netapp/oncommand_insight
Published Dec 03, 2021
Tracked Since Feb 18, 2026