CVE-2024-25047

CWE-117 | 4 documents | 4 sources
Severity: 8.6 HIGH
EPSS: 0.1% (top 82.19%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 2
Latest update: Dec 12

Description

IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided data. This could lead to further attacks against the system. IBM X-Force ID: 282956.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Exploitability: 3.9 | Impact: 4.0

Affected Packages (2 packages)

NVD: ibm/cognos_analytics, 11.2.0 to 11.2.4, +2
CVEListV5: ibm/cognos_analytics, 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2

Patches

🔴 Vulnerability Details (3)

OSV: smarty3 vulnerabilities (2024-12-12)
GHSA: GHSA-6r52-jcm4-48gv: IBM Cognos Analytics 11 (2024-05-02)
CVEList: IBM Cognos Analytics log injection (2024-05-02)
CVE-2024-25047 (HIGH CVSS 8.6) | IBM Cognos Analytics 11.2.0 through | cvebase.io