Lucene search

[email protected]CVE-2024-25047

HistoryMay 02, 2024 - 9:16 p.m.

CVE-2024-25047

2024-05-0221:16:11

CWE-117

[email protected]

web.nvd.nist.gov

ibm cognos analytics

injection

vulnerability

application logging

sanitizing

user provided data

system attacks

ibm x-force id

nvd

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.7%

JSON

IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided data. This could lead to further attacks against the system. IBM X-Force ID: 282956.

Affected configurations

Vulners

Node

ibmcognos_analyticsMatch11.2.0

ibmcognos_analyticsMatch11.2.1

ibmcognos_analyticsMatch11.2.2

ibmcognos_analyticsMatch11.2.3

ibmcognos_analyticsMatch11.2.4

ibmcognos_analyticsMatch12.0.0

ibmcognos_analyticsMatch12.0.1

ibmcognos_analyticsMatch12.0.2

VendorProductVersionCPE
ibmcognos_analytics11.2.0cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
ibmcognos_analytics11.2.1cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
ibmcognos_analytics11.2.2cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*
ibmcognos_analytics11.2.3cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*
ibmcognos_analytics11.2.4cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*
ibmcognos_analytics12.0.0cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
ibmcognos_analytics12.0.1cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*
ibmcognos_analytics12.0.2cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	cognos_analytics	11.2.0	cpe:2.3:a:ibm:cognos_analytics:11.2.0:::::::*
ibm	cognos_analytics	11.2.1	cpe:2.3:a:ibm:cognos_analytics:11.2.1:::::::*
ibm	cognos_analytics	11.2.2	cpe:2.3:a:ibm:cognos_analytics:11.2.2:::::::*
ibm	cognos_analytics	11.2.3	cpe:2.3:a:ibm:cognos_analytics:11.2.3:::::::*
ibm	cognos_analytics	11.2.4	cpe:2.3:a:ibm:cognos_analytics:11.2.4:::::::*
ibm	cognos_analytics	12.0.0	cpe:2.3:a:ibm:cognos_analytics:12.0.0:::::::*
ibm	cognos_analytics	12.0.1	cpe:2.3:a:ibm:cognos_analytics:12.0.1:::::::*
ibm	cognos_analytics	12.0.2	cpe:2.3:a:ibm:cognos_analytics:12.0.2:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Cognos Analytics",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/282956

security.netapp.com/advisory/ntap-20240621-0007/

www.ibm.com/support/pages/node/7149874

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.7%

JSON

Related for CVE-2024-25047

nvd1 cvelist1 vulnrichment1 ibm1