CVE-2024-49352
05.02.2025, 11:15
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.Enginsight
| Vendor | Product | Version |
|---|---|---|
| ibm | cognos_analytics | 11.2.0 ≤ 𝑥 < 11.2.4 |
| ibm | cognos_analytics | 12.0.0 ≤ 𝑥 < 12.0.4 |
| ibm | cognos_analytics | 11.2.4 |
| ibm | cognos_analytics | 11.2.4:fixpack1 |
| ibm | cognos_analytics | 11.2.4:fixpack2 |
| ibm | cognos_analytics | 11.2.4:fixpack3 |
| ibm | cognos_analytics | 11.2.4:fixpack4 |
| ibm | cognos_analytics | 12.0.4 |
| ibm | cognos_analytics | 12.0.4:interim_fix_1 |
𝑥
= Vulnerable software versions