Home / Early Warning / Vulnerabilidades / CVE-2021-29679

CVE-2021-29679

Type: 
Code Injection
Severity: 
Medium
Publication date: 
10/15/2021
Last modified: 
11/16/2021
Description
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizaing user-contrlled input that could be interpreted a a server-side include (SSI) directive. IBM X-Force ID: 199915.
Impact
Access Vector: Through network
Access Complexity: Low
Authentication: Requires a single instance to exploit
Impact Type: Partially affects on system integrity + Partially affects on system confidentiality + Partially affects on system availability
Vulnerable software and versions
  • cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:cognos_analytics:11.1.7:*:*:*:*:*:*:*
To consult the complete list of products and versions see this page
References to Advisories, Solutions, and Tools
Explanation of fields