7 matches found
Security Bulletin: IBM Cognos Analytics is vulnerable to Malicious File Upload and EL Injection vulnerabilities (CVE-2024-40695, CVE-2024-51466)
Summary IBM Cognos Analytics is considered vulnerable to a Malicious File Upload which could allow a privileged user to upload malicious files that can be automatically processed within the product CVE-2024-40695 and an Expression Language EL Injection which could allow a remote attacker to explo...
CVE-2024-51466
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language EL Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, and/or cause the server to crash when using a...
CVE-2024-51466
creationtimestamp| type| source ---|---|--- 2024-12-20 15:54:46+00:00| seen| https://t.me/cvedetector/13432 2024-12-21 07:08:33+00:00| seen| https://infosec.exchange/users/vuldb/statuses/113689553325356856 2024-12-22 05:13:28+00:00| seen|...
CVE-2024-51466
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language EL Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, and/or cause the server to crash when using a...
CVE-2024-51466
IBM Cognos Analytics (11.2.0–11.2.4 FP4 and 12.0.0–12.0.4) is vulnerable to an Expression Language (EL) Injection that can allow a remote attacker to disclose data, exhaust memory, or crash the server when processing crafted EL statements. Affected products/versions are explicitly listed in the v...
CVE-2024-51466 IBM Cognos Analytics expression language injection
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language EL Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, and/or cause the server to crash when using a...
CVE-2024-51466 IBM Cognos Analytics expression language injection
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language EL Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, and/or cause the server to crash when using a...