Stored Cross-Site Scripting Vulnerability in IBM Cognos Analytics
CVE-2024-52900

6.4 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 28 June 2025

What is CVE-2024-52900?

IBM Cognos Analytics versions 11.2.0 through 11.2.4 Fix Pack 5 and 12.0.0 through 12.0.4 are affected by a stored cross-site scripting vulnerability. The flaw allows an authenticated user to have arbitrary JavaScript code executed within the web user interface. This can alter the intended functionality of the interface and can lead to credential disclosure within a trusted session. Users of these versions should apply the necessary updates.

Affected Version(s)

Cognos Analytics 11.2.0 <= 11.2.4 FP5

Cognos Analytics 12.0.0 <= 12.0.4

CVSS V3.1

Score: 6.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
