IBM Cognos Analytics Multiple Vulnerabilities (6828527)

critical Nessus Plugin ID 166606


The remote web application is affected by multiple vulnerabilities.


The version of IBM Cognos Analytics installed on the remote host is affected by multiple vulnerabilities, including the following:

- OpenSSL is vulnerable to a buffer overflow, caused by improper bounds checking by the EVP_PKEY_decrypt() function within implementation of the SM2 decryption. By sending specially crafted SM2 content, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. (CVE-2021-3711)

- Async could allow a remote attacker to execute arbitrary code on the system, caused by prototype pollution in the mapValues() method. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

- Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker could send a specially-crafted URL request containing 'dot dot' sequences (/../) to view arbitrary files on the system.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.


Upgrade to IBM Cognos Analytics 11.1.7 FP6, 11.2.3, or later.

See Also

Plugin Details

Severity: Critical

ID: 166606

File Name: ibm_cognos_6828527.nasl

Version: 1.3

Type: remote

Family: CGI abuses

Published: 10/27/2022

Updated: 1/5/2023

Supported Sensors: Nessus

Risk Information


Risk Factor: Medium

Score: 6.7


Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-3711


Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:cognos_analytics

Required KB Items: installed_sw/IBM Cognos Analytics

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/3/2022

Vulnerability Publication Date: 10/17/2022

Reference Information

CVE: CVE-2021-29425, CVE-2021-3711, CVE-2021-3712, CVE-2021-3733, CVE-2021-3737, CVE-2021-4160, CVE-2021-43138, CVE-2022-0391, CVE-2022-24758, CVE-2022-34339

IAVB: 2022-B-0041-S