Is OnCommand Insight Data Warehouse vulnerable to CVE-2022-3171 or CVE-2022-1941?
Applies to
- OnCommand Insight Data Warehouse 7.3.14 and prior
Answer
- No
- Covered under the same explanation as CVE-2022-2097, which is not exploitable:
- "OCI DWH installations include Oracle MySQL ODBC driver. ODBC driver is used by Cognos to communicate with DWH's MySQL DB where both Cognos and MySQL are located on the same machine. This backend communication path is controlled by Cognos and this backend communication path is not accessible by external users. Therefore OCI is not exploitable."
Additional Information
additionalInformation_text