IBM Cognos Analytics Vulnerable to Injection Attacks

CVE-2024-25047

8.6HIGH

Key Information

Vendor: IBM
Status: Cognos Analytics
Vendor: Published:; 2 May 2024

Summary

IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided data. This could lead to further attacks against the system. IBM X-Force ID: 282956.

Affected Version(s)

Cognos Analytics = 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

NONE

Integrity:

HIGH

Availability:

NONE

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

CHANGED

Timeline

Vulnerability published.
May 2, 2024
Vulnerability Reserved.
Feb 3, 2024

Collectors

NVD DatabaseMitre Database