PT-2024-31422 · IBM · IBM Cognos Analytics

Published: 2024-12-18 · Updated: 2025-01-10 · CVE-2024-45082

CVSS v3.1: 6.8 (Medium)
Vector: AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
IBM Cognos Analytics versions 11.2.0 through 11.2.4
IBM Cognos Analytics versions 12.0.0 through 12.0.3

Description
This open redirect could allow a remote attacker to conduct phishing attacks. By persuading a victim to visit a specially crafted website, the attacker could exploit the vulnerability to spoof the URL displayed and redirect the user to a malicious website that appears to be trusted.

Recommendations
For versions 11.2.0 through 11.2.4, consider disabling any functionality that may be leveraging open redirects until a patch is available. For versions 12.0.0 through 12.0.3, restrict access to any modules or functions that could be used to conduct phishing attacks, minimizing the risk of exploitation. As a temporary workaround, consider implementing additional validation on URL redirects (for example, accepting only same-origin paths or an allowlist of trusted hosts) to minimize the risk of open redirect attacks.
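The workaround above asks for additional validation on redirect targets. The following Python check is an added example written for this advisory, not IBM's code and not part of the Cognos Analytics fix; the allowlisted host names and the sample targets are constructed. It accepts only absolute paths on the current origin or absolute URLs whose host is on the allowlist, and it explicitly handles the classic bypasses a redirect validator must consider (protocol-relative `//host`, backslash variants that browsers normalise to slashes, userinfo tricks such as `trusted@evil`, non-HTTP schemes, and scheme-without-host forms such as `http:evil`).

```python
from urllib.parse import urlsplit

# Fallback destination used whenever the requested target fails validation.
DEFAULT_REDIRECT = "/"

# Constructed allowlist for the example; a real deployment would list its own hosts.
ALLOWED_HOSTS = {"cognos.example.com"}


def is_safe_redirect(target: str, allowed_hosts: set[str]) -> bool:
    """Return True only if `target` stays on this origin or an allowlisted host."""
    if not target:
        return False
    # Control characters and whitespace have no place in a redirect target; some
    # parsers strip them silently, which is exactly how validators get bypassed.
    if any(ord(c) < 33 for c in target):
        return False

    # Browsers treat a backslash like a forward slash, so "/\evil.example"
    # is really "//evil.example" (protocol-relative). Normalise before parsing.
    normalised = target.replace("\\", "/")
    parts = urlsplit(normalised)

    # Only web schemes may ever be redirected to (rejects javascript:, data:, ...).
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return False

    if parts.netloc:
        # `hostname` is lower-cased and has userinfo and port removed, so
        # "https://cognos.example.com@evil.example/" resolves to evil.example.
        return parts.hostname in allowed_hosts

    # A scheme with no host ("http:evil.example") is not a path on this origin.
    if parts.scheme:
        return False

    # Remaining case: a same-origin path. Require a leading slash; urlsplit has
    # already turned "//host" into a netloc, so this cannot be protocol-relative.
    return normalised.startswith("/")


def resolve_redirect(target: str, allowed_hosts: set[str] = ALLOWED_HOSTS) -> str:
    """Return the target if it is safe, otherwise the fixed default landing page."""
    return target if is_safe_redirect(target, allowed_hosts) else DEFAULT_REDIRECT


if __name__ == "__main__":
    # Constructed sample targets illustrating accepted and rejected inputs.
    samples = [
        "/bi/?perspective=home",
        "https://cognos.example.com:443/bi/",
        "//evil.example/",
        "/\\evil.example/",
        "https://cognos.example.com@evil.example/",
        "http:evil.example",
        "javascript:alert(1)",
    ]
    for sample in samples:
        print(f"{sample!r:45} -> {resolve_redirect(sample)}")
```

Rejected targets fall back to a fixed landing page rather than being "cleaned up", because rewriting an attacker-controlled URL is itself a common source of bypasses; logging the rejected value alongside the requesting session is a useful detection signal for phishing campaigns that probe the redirect parameter.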

Fix

Weakness Enumeration: Open Redirect

Related Identifiers: CVE-2024-45082

Affected Products: IBM Cognos Analytics