CVE-2024-25047: IBM Cognos Analytics log injection
First published: Wed May 01 2024(Updated: )
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided data. This could lead to further attacks against the system. IBM X-Force ID: 282956.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Cognos Analytics | <=12.0-12.0.2 | |
| IBM Cognos Analytics | <=11.2.0-11.2.4 FP2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-25047?
CVE-2024-25047 is considered a high severity vulnerability due to its potential for injection attacks.
How do I fix CVE-2024-25047?
To fix CVE-2024-25047, update IBM Cognos Analytics to versions 11.2.4 FP3 or 12.0.3 or later.
What versions of IBM Cognos Analytics are affected by CVE-2024-25047?
CVE-2024-25047 affects IBM Cognos Analytics versions 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2.
What type of attacks can CVE-2024-25047 facilitate?
CVE-2024-25047 can facilitate injection attacks due to the lack of sanitization of user-provided data.
Who reported CVE-2024-25047?
CVE-2024-25047 was reported by IBM X-Force, with the ID 282956.
- agent/weakness
- agent/title
- agent/type
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- agent/severity
- agent/author
- agent/references
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/event
- collector/nvd-api
- source/NVD
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- agent/tags
- agent/source
- vendor/ibm
- canonical/ibm cognos analytics
- version/ibm cognos analytics/12.0-12.0.2
- version/ibm cognos analytics/11.2.0-11.2.4 fp2