IBM Cognos Analytics Vulnerable to Injection Attacks
CVE-2024-25047

8.6HIGH

Key Information:

Vendor

IBM
Status
Cognos Analytics
Vendor
CVE Published:
2 May 2024

What is CVE-2024-25047?

IBM Cognos Analytics versions 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 are exposed to injection attacks due to a flaw in the handling of application logging. This vulnerability arises from the lack of proper sanitization of user-provided data, which may enable attackers to execute arbitrary code or conduct further exploits against the system. Organizations utilizing the affected versions are encouraged to implement remediation measures to mitigate the risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2

References

https://www.ibm.com/support/pages/node/7149874
vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/282956
vdb-entry
https://security.netapp.com/advisory/ntap-20240621-0007/

CVSS V3.1

Score:
8.6
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.