CVE-2024-25053: IBM Cognos Analytics improper certificate validation
First published: Thu Jun 27 2024(Updated: )
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is vulnerable to improper certificate validation when using the IBM Planning Analytics Data Source Connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between IBM Planning Analytics server and IBM Cognos Analytics server. IBM X-Force ID: 283364.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Cognos Analytics | <=12.0.0-12.0.2 | |
| IBM Cognos Analytics | <=11.2.0-11.2.4 FP3 | |
| IBM Cognos Analytics | =11.2.0 | |
| IBM Cognos Analytics | =11.2.1 | |
| IBM Cognos Analytics | =11.2.2 | |
| IBM Cognos Analytics | =11.2.3 | |
| IBM Cognos Analytics | =11.2.4 | |
| IBM Cognos Analytics | =12.0.0 | |
| IBM Cognos Analytics | =12.0.1 | |
| IBM Cognos Analytics | =12.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/weakness
- agent/title
- agent/references
- agent/type
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/first-publish-date
- agent/description
- agent/softwarecombine
- agent/author
- agent/severity
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- vendor/ibm
- canonical/ibm cognos analytics
- version/ibm cognos analytics/12.0.0-12.0.2
- version/ibm cognos analytics/11.2.0-11.2.4 fp3
- version/ibm cognos analytics/11.2.0
- version/ibm cognos analytics/11.2.1
- version/ibm cognos analytics/11.2.2
- version/ibm cognos analytics/11.2.3
- version/ibm cognos analytics/11.2.4
- version/ibm cognos analytics/12.0.0
- version/ibm cognos analytics/12.0.1
- version/ibm cognos analytics/12.0.2