IBM Cognos Analytics has addressed multiple security vulnerabilities (CVE-2022-48285, CVE-2023-35009, CVE-2023-35011)
Security vulnerabilities have been addressed in IBM Cognos Analytics. IBM Cognos Analytics is vulnerable to an Arbitrary File Write via Archive Extraction (Zip Slip) in JSZip (CVE-2022-48285). This has been addressed by upgrading JSZip to a non-vulnerable version. A Server-Side Request Forgery (SSRF) vulnerability has been addressed (CVE-2023-35011). Additionally, a vulnerability that exposes a detailed error message, which could be used to gain information for further attacks, has been addressed (CVE-2023-35009).
Please refer to the following Security Bulletins for more details.
Review the system requirements for the product in the IBM Cognos Analytics 11.1 Installation and Configuration Guide. This document is available from the IBM Cognos Analytics documentation.
IBM Cognos Analytics documentation (English, Platform Independent): https://www.ibm.com/support/knowledgecenter/SSEP7J
Follow the instructions in the Installation and Configuration Guide available from the IBM Cognos Analytics documentation to install the product.
It is recommended that you install the latest generally available interim fix.
Entitled bundled customers can use the Cognos Analytics 11.1.7 IF10 link to download Cognos Analytics 11.1.7 Interim Fix 10.
On
IBM Cognos Analytics 64-bit 11.1.7 IF10 AIX (15 Aug 2023, Language Independent, 7.21 GB, platform: AIX): http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Cognos&product=ibm/Information+Management/Cognos+Analytics&release=11.1.7&platform=All&function=fixId&fixids=11.1.7-BA-CA-AIX64-IF010
IBM Cognos Analytics 64-bit 11.1.7 IF10 Linux Sys p LE (15 Aug 2023, Language Independent, 6.86 GB, platform: Linux): http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Cognos&product=ibm/Information+Management/Cognos+Analytics&release=11.1.7&platform=All&function=fixId&fixids=11.1.7-BA-CA-Linuxple64-IF010
IBM Cognos Analytics 64-bit 11.1.7 IF10 Linux pSeries (15 Aug 2023, Language Independent, 7.05 GB, platform: Linux): http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Cognos&product=ibm/Information+Management/Cognos+Analytics&release=11.1.7&platform=All&function=fixId&fixids=11.1.7-BA-CA-Linuxppc64-IF010
IBM Cognos Analytics 64-bit 11.1.7 IF10 Linux x86 (15 Aug 2023, Language Independent, 7.43 GB, platform: Linux): http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Cognos&product=ibm/Information+Management/Cognos+Analytics&release=11.1.7&platform=All&function=fixId&fixids=11.1.7-BA-CA-Linuxi38664-IF010
IBM Cognos Analytics 64-bit 11.1.7 IF10 Linux zSeries (15 Aug 2023, Language Independent, 7.04 GB, platform: Linux): http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Cognos&product=ibm/Information+Management/Cognos+Analytics&release=11.1.7&platform=All&function=fixId&fixids=11.1.7-BA-CA-zLinux64-IF010
IBM Cognos Analytics 64-bit 11.1.7 IF10 Windows (15 Aug 2023, Language Independent, 8.00 GB, platform: Windows): http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Cognos&product=ibm/Information+Management/Cognos+Analytics&release=11.1.7&platform=All&function=fixId&fixids=11.1.7-BA-CA-Win64-IF010