Lucene search

IbmCVE-2024-25047

HistoryMay 02, 2024 - 9:16 p.m.

CVE-2024-25047

2024-05-0221:16:11

CWE-117

ibm

web.nvd.nist.gov

ibm cognos analytics

injection

vulnerability

application logging

sanitizing

user provided data

system attacks

ibm x-force id

nvd

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

AI Score

6.5

Confidence

Low

EPSS

Percentile

15.6%

JSON

IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided data. This could lead to further attacks against the system. IBM X-Force ID: 282956.

Affected configurations

Vulners

Vulnrichment

Node

ibmcognos_analyticsMatch11.2.0

ibmcognos_analyticsMatch11.2.1

ibmcognos_analyticsMatch11.2.2

ibmcognos_analyticsMatch11.2.3

ibmcognos_analyticsMatch11.2.4

ibmcognos_analyticsMatch12.0.0

ibmcognos_analyticsMatch12.0.1

ibmcognos_analyticsMatch12.0.2

VendorProductVersionCPE
ibmcognos_analytics11.2.0cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
ibmcognos_analytics11.2.1cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
ibmcognos_analytics11.2.2cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*
ibmcognos_analytics11.2.3cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*
ibmcognos_analytics11.2.4cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*
ibmcognos_analytics12.0.0cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
ibmcognos_analytics12.0.1cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*
ibmcognos_analytics12.0.2cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	cognos_analytics	11.2.0	cpe:2.3:a:ibm:cognos_analytics:11.2.0:::::::*
ibm	cognos_analytics	11.2.1	cpe:2.3:a:ibm:cognos_analytics:11.2.1:::::::*
ibm	cognos_analytics	11.2.2	cpe:2.3:a:ibm:cognos_analytics:11.2.2:::::::*
ibm	cognos_analytics	11.2.3	cpe:2.3:a:ibm:cognos_analytics:11.2.3:::::::*
ibm	cognos_analytics	11.2.4	cpe:2.3:a:ibm:cognos_analytics:11.2.4:::::::*
ibm	cognos_analytics	12.0.0	cpe:2.3:a:ibm:cognos_analytics:12.0.0:::::::*
ibm	cognos_analytics	12.0.1	cpe:2.3:a:ibm:cognos_analytics:12.0.1:::::::*
ibm	cognos_analytics	12.0.2	cpe:2.3:a:ibm:cognos_analytics:12.0.2:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Cognos Analytics",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/282956

security.netapp.com/advisory/ntap-20240621-0007/

www.ibm.com/support/pages/node/7149874

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

AI Score

6.5

Confidence

Low

EPSS

Percentile

15.6%

JSON

Related for CVE-2024-25047