CVE-2024-45082

CWE-601: Open Redirect | 3 documents | 3 sources
Severity
5.2 MEDIUM
EPSS
0.0%
top 88.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Dec 18

Description

IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
Exploitability: 2.3 | Impact: 4.0

Affected Packages: 2 packages

CVEListV5 | ibm/cognos_analytics | 11.2.0 | 11.2.4 | +1
NVD | ibm/cognos_analytics | 11.2.0 | 11.2.4 | +1

Vulnerability Details (2)

CVEList
IBM Cognos Analytics HTTP open redirection | 2024-12-18
GHSA
GHSA-gr94-xfwg-97fp: IBM Cognos Analytics 11 | 2024-12-18
CVE-2024-45082 (MEDIUM CVSS 5.2) | IBM Cognos Analytics 11.2.0 through | cvebase.io