CVE-2025-0823 IBM MQ path traversal

🗓️ 28 Feb 2025 02:31:01Reported by ibmType

Remote attacker can exploit IBM Cognos Analytics path traversal vulnerability to access files.

Reporter	Title	Published	Views	Family All 10
IBM Security Bulletins	Security Bulletin: IBM Cognos Analytics is affected by multiple vulnerabilities	27 Feb 202517:03	–	ibm
Circl	CVE-2025-0823	28 Feb 202503:26	–	circl
CNNVD	IBM Cognos Analytics 路径遍历漏洞	28 Feb 202500:00	–	cnnvd
CVE	CVE-2025-0823	28 Feb 202502:31	–	cve
EUVD	EUVD-2025-5482	3 Oct 202520:07	–	euvd
NVD	CVE-2025-0823	28 Feb 202503:15	–	nvd
OSV	CVE-2025-0823	28 Feb 202503:15	–	osv
Positive Technologies	PT-2025-9049 · Ibm · Ibm Cognos Analytics	28 Feb 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-0823	2 Mar 202507:20	–	redhatcve
Vulnrichment	CVE-2025-0823 IBM MQ path traversal	28 Feb 202502:31	–	vulnrichment

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "Cognos Analytics",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "11.2.4 FP5",
        "status": "affected",
        "version": "11.2.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "12.0.4",
        "status": "affected",
        "version": "12.0.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
ibm	www.ibm.com/support/pages/node/7183676

28 Feb 2025 02:31Current

CVSS 3.16.5

EPSS0.00073

CWE-22