CVE-2024-25047
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
02/05/2024
Last modified:
02/07/2025
Description
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided data. This could lead to further attacks against the system. IBM X-Force ID: 282956.
Impact
Base Score 3.x
8.60
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:* | 11.2.0 (including) | 11.2.4 (excluding) |
| cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:* | 12.0.0 (including) | 12.0.3 (excluding) |
| cpe:2.3:a:ibm:cognos_analytics:11.2.4:-:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack1:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack2:*:*:*:*:*:* | ||
| cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://exchange.xforce.ibmcloud.com/vulnerabilities/282956
- https://security.netapp.com/advisory/ntap-20240621-0007/
- https://www.ibm.com/support/pages/node/7149874
- https://exchange.xforce.ibmcloud.com/vulnerabilities/282956
- https://security.netapp.com/advisory/ntap-20240621-0007/
- https://www.ibm.com/support/pages/node/7149874