Expression Language Injection Vulnerability in IBM Cognos Analytics
CVE-2024-51466

9CRITICAL

Key Information:

Vendor: IBM
Vendor: CVE Published:; 20 December 2024

Badges

📰 News Worthy

What is CVE-2024-51466?

CVE-2024-51466 identifies a critical Expression Language (EL) Injection vulnerability found in IBM Cognos Analytics versions 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4. This vulnerability allows remote attackers to manipulate EL statements, potentially exposing sensitive information, monopolizing system memory resources, and leading to server crashes. Organizations using affected versions should prioritize updating their systems to mitigate these risks and protect against potential exploitation.

News Articles

CybersecurityNews

CVE-2023-42017 CVE-2024-51466

IBM Cognos Analytics Vulnerability Allows Malicious File Upload & Injection Attacks

IBM has released a critical security update for its Cognos Analytics software, addressing two severe vulnerabilities: CVE-2023-42017 and CVE-2024-51466.

References

https://www.ibm.com/support/pages/node/7179496

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by CybersecurityNews
Dec 26, 2024
Vulnerability published
Dec 20, 2024