IBM Cognos Analytics Vulnerable to Cross Site Scripting (XSS)
CVE-2024-25041

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Cognos Analytics
Vendor: CVE Published:; 28 June 2024

Summary

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is potentially vulnerable to cross site scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Assistant. IBM X-Force ID: 282780.

Affected Version(s)

Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2

References

https://www.ibm.com/support/pages/node/7156941

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/282780

vdb-entry

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 28, 2024
Vulnerability Reserved
Feb 3, 2024

Collectors

NVD DatabaseMitre Database