Vulnerability Details CVE-2024-25047
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided data. This could lead to further attacks against the system. IBM X-Force ID: 282956.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 17.1%
CVSS Severity
CVSS v3 Score 8.6
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/282956
- https://security.netapp.com/advisory/ntap-20240621-0007/
- https://www.ibm.com/support/pages/node/7149874
- https://exchange.xforce.ibmcloud.com/vulnerabilities/282956
- https://security.netapp.com/advisory/ntap-20240621-0007/
- https://www.ibm.com/support/pages/node/7149874
Products affected by CVE-2024-25047
-
cpe:2.3:a:ibm:cognos_analytics:11.2.0
-
cpe:2.3:a:ibm:cognos_analytics:11.2.1
-
cpe:2.3:a:ibm:cognos_analytics:11.2.2
-
cpe:2.3:a:ibm:cognos_analytics:11.2.3
-
cpe:2.3:a:ibm:cognos_analytics:11.2.4
-
cpe:2.3:a:ibm:cognos_analytics:12.0.0
-
cpe:2.3:a:ibm:cognos_analytics:12.0.1
-
cpe:2.3:a:ibm:cognos_analytics:12.0.2
-
cpe:2.3:a:netapp:oncommand_insight:-