CVE-2024-25053

Severity: 5.9 MEDIUM
EPSS: 0.1% (top 76.44%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jun 28
Latest update: Jun 29

Description

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 are vulnerable to improper certificate validation when using the IBM Planning Analytics Data Source Connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between the IBM Planning Analytics server and the IBM Cognos Analytics server. IBM X-Force ID: 283364.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.2 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5: ibm/cognos_analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2
NVD: ibm/cognos_analytics (8 versions)

🔴 Vulnerability Details (2)

GHSA: GHSA-whx9-2vf8-4hvm: IBM Cognos Analytics 11 (2024-06-29)
CVEList: IBM Cognos Analytics improper certificate validation (2024-06-28)
CVE-2024-25053 (MEDIUM CVSS 5.9) | IBM Cognos Analytics 11.2.0 | cvebase.io