PT-2024-20717 · IBM · IBM Cognos Analytics
Published: 2024-05-02 · Updated: 2025-07-02 · CVE-2024-25047
CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
IBM Cognos Analytics versions 11.2.0 through 11.2.4
IBM Cognos Analytics versions 12.0.0 through 12.0.2
Description
IBM Cognos Analytics is vulnerable to injection attacks in application logging because user-provided data is written to the logs without sanitization. This could lead to further attacks against the system.
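The weakness class described above, shown as an added example that is not IBM's code or fix and assumes nothing about how Cognos Analytics writes its logs: the log layout, the function names and the sample username are constructed for illustration. It contrasts writing a user-supplied value to a line-oriented log as-is with neutralizing control characters first.

```python
import re

# Constructed log layout for this example: "<UTC timestamp> <LEVEL> <message>".
ENTRY_RE = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z (INFO|WARN|ERROR) ")

# Control characters, including every character str.splitlines() treats as a
# line boundary (CR, LF, VT, FF, FS, GS, RS, NEL, LS, PS).
CONTROL_RE = re.compile(r"[\x00-\x1f\x7f\x85\u2028\u2029]")


def neutralize(value: str) -> str:
    """Make a user-supplied value safe to embed in a single log line.

    Backslashes are doubled first so the escaping stays unambiguous, then each
    control character is replaced by a visible \\uXXXX escape.
    """
    value = value.replace("\\", "\\\\")
    return CONTROL_RE.sub(lambda m: "\\u%04x" % ord(m.group()), value)


def format_entry(ts: str, level: str, user: str, neutralized: bool = True) -> str:
    """Build one log entry; neutralized=False reproduces the unsafe pattern."""
    if neutralized:
        user = neutralize(user)
    return f"{ts} {level} login failed for user={user}"


def count_entries(log_text: str) -> int:
    """Count what a log reader or parser would accept as separate entries."""
    return sum(1 for line in log_text.splitlines() if ENTRY_RE.match(line))


# Constructed input: a "username" carrying a line break and a fake entry.
FORGED_USER = "alice\n2024-05-02T10:00:01Z INFO login succeeded for user=admin"

if __name__ == "__main__":
    unsafe = format_entry("2024-05-02T10:00:00Z", "WARN", FORGED_USER, neutralized=False)
    safe = format_entry("2024-05-02T10:00:00Z", "WARN", FORGED_USER)
    print(count_entries(unsafe), "entries when logged raw")
    print(count_entries(safe), "entry when neutralized:")
    print(safe)
```

Because backslashes are escaped before the control characters, an analyst can still tell a literal `\u000a` typed by a user from a neutralized line break.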
Recommendations
For IBM Cognos Analytics versions 11.2.0 through 11.2.4, upgrade to a patched version to address improper output handling.
For IBM Cognos Analytics versions 12.0.0 through 12.0.2, upgrade to a patched version to address improper output handling.
As a temporary workaround, consider auditing logs for suspicious activity to minimize the risk of exploitation.
Affected Products
IBM Cognos Analytics