CVE-2021-20468 IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

An attacker could exploit this vulnerability by persuading a user to click a maliciously crafted link. A successful exploit could allow the attacker to access data, manipulate data, or perform a malicious action on behalf of the targeted user. IBM X-Force ID: 196826.

A vulnerability in the HTTP protocol could allow a remote attacker to conduct a man-in-the-middle attack and spoof data. A successful exploit could allow the attacker to modify the displayed content of the website that is being viewed by the user. IBM X-Force ID: 196827.

An attacker could exploit a vulnerability in the LDAP protocol to extract information from the system that the LDAP server is running on. A successful exploit could allow the attacker to access data or manipulate data. IBM X-Force ID: 196828.

An attacker could exploit a vulnerability in the OpenSSL library to perform a man-in-the-middle attack and spoof data. A successful exploit could allow the attacker to modify the displayed content of the website that is being viewed by the user. IBM X-Force ID: 196829.

An attacker could exploit a vulnerability in the SQL protocol to cause denial of service. A successful exploit could cause the application to stop responding or cause an application error. IBM X-Force ID: 196830.

An attacker could exploit a vulnerability in the LDAP protocol to cause denial of service. A successful exploit could cause the system to stop responding or cause an

Dependency

A vulnerability in the LDAP protocol could allow a remote attacker to spoof data. A successful exploit could allow the attacker to modify the displayed content of the website that is being viewed by the user. IBM X-Force ID: 196829.

Rational Application Security or RAS

Rational Application Security, or RAS, is a security approach based on the assumption that software vulnerabilities exist and that they will be exploited. This is especially true for applications where it is difficult to identify the source of exploiting code.
The primary principle of RAS is that every software application should be developed and deployed using mitigation strategies in place, such as
secure coding practices, vulnerability management processes, external vulnerability scans, and penetration testing.

Developers should use the following mitigation tools:
- Coding practices: A set of secure development guidelines includes separation between client and server functionality, input validation, logging with proper context and sensitivity levels, data encryption with key management, avoiding direct file access in favor of network calls when possible.
- Vulnerability management process: Includes creating a clear lifecycle for every module/application lifecycle stage; assigning a risk value to every module/application asset; running regular penetration tests; identifying new vulnerabilities during development; release-blocking changes before deployment to production.
- External vulnerability scans: Use automated open source scanning tools like WhiteHat Sentinel which can detect issues in applications at development stages before deployment to production systems.
- Penetration testing: Uses automated tools like Metasploit to test for vulnerabilities in applications under development or already deployed in production environments.

Installation of the SSL certificate

The installation of the SSL certificate was successful.

Timeline

Published on: 09/01/2022 19:15:00 UTC
Last modified on: 09/07/2022 14:09:00 UTC

References

• https://www.ibm.com/support/pages/node/6615285
• https://exchange.xforce.ibmcloud.com/vulnerabilities/196825
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20468