Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
IBM Cognos Analytics expression language injection
Vulnerability Description
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, and/or cause the server to crash when using a specially crafted EL statement.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
表达式语言语句中使用的特殊元素转义处理不恰当(表达式语言注入)
Vulnerability Title
IBM Cognos Analytics 安全漏洞
Vulnerability Description
IBM Cognos Analytics是美国国际商业机器(IBM)公司的一套商业智能软件。该软件包括报表、仪表板和记分卡等,并可通过分析关键因素与关键人等内容,协助企业调整决策。 IBM Cognos Analytics 11.2.0版本至11.2.4 FP4版本和12.0.0版本至12.0.4版本存在安全漏洞,该漏洞源于容易受到表达式语言(EL)注入漏洞的影响,远程攻击者可以利用此漏洞泄露敏感信息、消耗内存资源。
CVSS Information
N/A
Vulnerability Type
N/A