Rewterz Threat Advisory – Multiple IBM Cognos Dashboards Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-38735 CVSS:5.7

IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site.

CVE-2023-38276 CVSS:5.9

IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in environment variables which could aid in further attacks against the system.

CVE-2023-38275 CVSS:5.9

IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in container images which could lead to further attacks against the system. 

Impact

  • Information Disclosure
  • Security Bypass

Indicators Of Compromise

CVE

  • CVE-2023-38735
  • CVE-2023-38276
  • CVE-2023-38275

Affected Vendors

IBM

Affected Products

  • IBM Cognos Dashboards on Cloud Pak for Data 4.7.0

Remediation

Refer to the IBM Security Advisory for patch, upgrade, or suggested workaround information.

IBM Security Advisory