CVE-2024-25047

IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided data. This could lead to further attacks against the system.  IBM X-Force ID:  282956.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.6 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
ibmCNA
8.6 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
VendorProductVersion
ibmcognos_analytics
11.2.0 ≤
𝑥
< 11.2.4
ibmcognos_analytics
12.0.0 ≤
𝑥
< 12.0.3
ibmcognos_analytics
11.2.4
ibmcognos_analytics
11.2.4:fixpack1
ibmcognos_analytics
11.2.4:fixpack2
netapponcommand_insight
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/282956
https://security.netapp.com/advisory/ntap-20240621-0007/
https://www.ibm.com/support/pages/node/7149874
https://exchange.xforce.ibmcloud.com/vulnerabilities/282956
https://security.netapp.com/advisory/ntap-20240621-0007/
https://www.ibm.com/support/pages/node/7149874