PT-2024-29553 · IBM · IBM Cognos Analytics

Published: 2024-12-18 · Updated: 2025-01-10 · CVE-2024-41752

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

IBM Cognos Analytics versions 11.2.0 through 11.2.4
IBM Cognos Analytics versions 12.0.0 through 12.0.3

Description

The issue is an HTML injection vulnerability. A remote attacker could inject malicious HTML code which, when viewed, would be executed in the victim's web browser within the security context of the hosting site.

Recommendations

For versions 11.2.0 through 11.2.4, update to a version outside of this range to mitigate the risk.
For versions 12.0.0 through 12.0.3, update to a version outside of this range to mitigate the risk.
As a temporary workaround, consider restricting access to the affected IBM Cognos Analytics instances until a patch is available.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-41752

Affected Products

IBM Cognos Analytics