IBM Cognos Analytics Vulnerable to Injection Attacks
CVE-2024-25047

8.6HIGH

Key Information:

Vendor: IBM
Status: Cognos Analytics
Vendor: CVE Published:; 2 May 2024

What is CVE-2024-25047?

IBM Cognos Analytics versions 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 are exposed to injection attacks due to a flaw in the handling of application logging. This vulnerability arises from the lack of proper sanitization of user-provided data, which may enable attackers to execute arbitrary code or conduct further exploits against the system. Organizations utilizing the affected versions are encouraged to implement remediation measures to mitigate the risks associated with this vulnerability.

Affected Version(s)

Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2

References

https://www.ibm.com/support/pages/node/7149874

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/282956

vdb-entry

https://security.netapp.com/advisory/ntap-20240621-0007/

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 2, 2024
Vulnerability Reserved
Feb 3, 2024