CVE-2021-39009

{"id": "CVE-2021-39009", "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2022-09-01T19:15:12.000", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213554", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://security.netapp.com/advisory/ntap-20221014-0005/", "tags": ["Third Party Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/support/pages/node/6615285", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213554", "tags": ["VDB Entry", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20221014-0005/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.ibm.com/support/pages/node/6615285", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-312"}]}], "descriptions": [{"lang": "en", "value": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 213554."}, {"lang": "es", "value": "IBM Cognos Analytics versiones 11.1.7, 11.2.0 y 11.2.1, almacena las credenciales de usuario en texto sin cifrar que puede ser le\u00eddo por un usuario local privilegiado. IBM X-Force ID: 213554"}], "lastModified": "2024-11-21T06:18:24.337", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89AC2F63-02F5-449F-A66C-24AAFA34ED98", "versionEndExcluding": "11.1.7", "versionStartIncluding": "11.1.0"}, {"criteria": "cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "820F9237-E014-43DC-9AEB-9FA97FA52E5E", "versionEndExcluding": "11.2.3", "versionStartIncluding": "11.2.0"}, {"criteria": "cpe:2.3:a:ibm:cognos_analytics:11.1.7:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6680448A-C3B3-4FEE-A500-974681D3E731"}, {"criteria": "cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2E66D31-A2CC-4F06-89D3-9A881EADE0FD"}, {"criteria": "cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A76630E7-2DEB-4992-A671-85729B80E46B"}, {"criteria": "cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38BDC609-EA7D-4C15-868A-EC8D8FFD3AF9"}, {"criteria": "cpe:2.3:a:ibm:cognos_analytics:11.1.7:fixpack4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCF5213D-4BB1-4109-8B1B-5CA129819692"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}