PT-2024-20721 · IBM · IBM Planning Analytics +1
Published: 2024-06-28 · Updated: 2024-08-01
CVE-2024-25053
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
IBM Cognos Analytics versions 11.2.0 through 11.2.4
IBM Cognos Analytics versions 12.0.0 through 12.0.2
Description
The issue is related to improper certificate validation when using the IBM Planning Analytics Data Source Connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between the IBM Planning Analytics server and the IBM Cognos Analytics server.
Recommendations
For versions 11.2.0 through 11.2.4, update to a version that includes the fix for the improper certificate validation issue.
For versions 12.0.0 through 12.0.2, update to a version that includes the fix for the improper certificate validation issue.
As a temporary workaround, consider restricting the use of the IBM Planning Analytics Data Source Connection until a patch is available.
Fix
Improper Certificate Validation
Weakness Enumeration
Related Identifiers
Affected Products
IBM Cognos Analytics
IBM Planning Analytics