CVE-2024-25047

Description

IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided data. This could lead to further attacks against the system. IBM X-Force ID: 282956.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

High

Availability

None

Affected products

ibm / cognos_analytics11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2 – 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2

References

MISChttps://www.ibm.com/support/pages/node/7149874
MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/282956
MISChttps://security.netapp.com/advisory/ntap-20240621-0007/