HTML Injection Vulnerability in IBM Cognos Analytics
CVE-2024-41752

6.1MEDIUM

Key Information:

Vendor: IBM
Status: Cognos Analytics
Vendor: CVE Published:; 18 December 2024

Summary

IBM Cognos Analytics versions 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 exhibit a security flaw allowing HTML injection. This vulnerability permits an attacker to introduce malicious HTML content, potentially executing harmful scripts in the context of the user’s web browser when the affected page is viewed. Organizations using these versions should take immediate action to mitigate the risk posed by this vulnerability.

References

https://www.ibm.com/support/pages/node/7177223

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 18, 2024