CVE-2023-47160

High CVSS 8.2

Overview

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0

is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

CWE: CWE-611 Published: 2025-02-19T17:15:13.983

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 8.2 (HIGH)
Detected tags: info_leak, xxe (tag impact: MODERATE)

Recommended actions:

Reduce verbose errors, remove debug endpoints, minimize PII in logs.
Disable external entities in XML parsers; use safe libraries.

Overview

Recommended tools

Tags