Cognos Analytics Vulnerable to Certificate Validation Attack
CVE-2024-25053

5.9MEDIUM

Key Information:

Vendor: IBM
Status: Cognos Analytics
Vendor: CVE Published:; 28 June 2024

Summary

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is vulnerable to improper certificate validation when using the IBM Planning Analytics Data Source Connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between IBM Planning Analytics server and IBM Cognos Analytics server. IBM X-Force ID: 283364.

Affected Version(s)

Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2

References

https://www.ibm.com/support/pages/node/7156941

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/283364

vdb-entry

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 28, 2024
Vulnerability Reserved
Feb 3, 2024

Collectors

NVD DatabaseMitre Database