First published: Wed May 01 2024
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging because it does not sanitize user-provided data. This could lead to further attacks against the system. IBM X-Force ID: 282956.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Cognos Analytics | <=12.0-12.0.2 | |
IBM Cognos Analytics | <=11.2.0-11.2.4 FP2 | |
CVE-2024-25047 is considered a high-severity vulnerability due to its potential for injection attacks.
To fix CVE-2024-25047, update IBM Cognos Analytics to versions 11.2.4 FP3 or 12.0.3 or later.
CVE-2024-25047 affects IBM Cognos Analytics versions 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2.
CVE-2024-25047 can facilitate injection attacks due to the lack of sanitization of user-provided data.
CVE-2024-25047 was reported by IBM X-Force, with the ID 282956.