XML External Entity Injection Vulnerability in IBM Cognos Analytics
CVE-2024-49352

7.1HIGH

Key Information:

Vendor: IBM
Status: Cognos Analytics
Vendor: CVE Published:; 5 February 2025

Summary

IBM Cognos Analytics is susceptible to an XML External Entity Injection attack, allowing a remote adversary to manipulate XML data processing. By exploiting this vulnerability, attackers could access sensitive information or deplete system resources, potentially leading to significant operational disruptions.

Affected Version(s)

Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4

References

https://www.ibm.com/support/pages/node/7181480

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 5, 2025
Vulnerability Reserved
Oct 14, 2024