Cognos Analytics Vulnerable to Certificate Validation Attack

CVE-2024-25053

5.9MEDIUM

Key Information

Vendor: IBM
Status: Cognos Analytics
Vendor: Published:; 28 June 2024

Summary

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is vulnerable to improper certificate validation when using the IBM Planning Analytics Data Source Connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between IBM Planning Analytics server and IBM Cognos Analytics server. IBM X-Force ID: 283364.

Affected Version(s)

Cognos Analytics = 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

NONE

Integrity:

HIGH

Availability:

NONE

Attack Complexity:

HIGH

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Timeline

Vulnerability published.
Jun 28, 2024
Vulnerability Reserved.
Feb 3, 2024

Collectors

NVD DatabaseMitre Database