Directory Traversal Vulnerability in IBM Cognos Analytics
CVE-2025-0823

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Cognos Analytics
Vendor: CVE Published:; 28 February 2025

Summary

IBM Cognos Analytics versions 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 are susceptible to a directory traversal vulnerability. This issue allows remote attackers to exploit specially crafted URL requests containing 'dot dot' sequences (/../), thereby gaining unauthorized access to system files. Successful exploitation may enable attackers to view arbitrary files on the host, leading to potential data exposure and security breaches.

Affected Version(s)

Cognos Analytics 11.2.0 <= 11.2.4 FP5

Cognos Analytics 12.0.0 <= 12.0.4

References

https://www.ibm.com/support/pages/node/7183676

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 28, 2025
Vulnerability Reserved
Jan 29, 2025