CVE-2025-0823 — Path Traversal in IBM Cognos Analytics

CWE-22 — Path Traversal3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 77.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Cognos Analytics

Timeline

PublishedFeb 28

Description

IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDibm/cognos_analytics11.2.0 — 11.2.4+3

▶CVEListV5ibm/cognos_analytics11.2.0 — 11.2.4 FP5+1

Patches

Patch: www.ibm.com ↗

🔴Vulnerability Details

CVEList

IBM MQ path traversal↗2025-02-28

▶

GHSA

GHSA-9pqw-9742-qhjm: IBM Cognos Analytics 11↗2025-02-28

▶