Vulnerability Description
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging because it does not sanitize user-provided data. This could lead to further attacks against the system. IBM X-Force ID: 282956.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | Cognos Analytics | >= 11.2.0, < 11.2.4 |
| NetApp | OnCommand Insight | - |
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/282956 (VDB Entry, Vendor Advisory)
- https://security.netapp.com/advisory/ntap-20240621-0007/ (Third Party Advisory)
- https://www.ibm.com/support/pages/node/7149874 (Patch, Vendor Advisory)
FAQ
What is CVE-2024-25047?
CVE-2024-25047 is a vulnerability with a CVSS score of 8.6 (HIGH). IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided data. This could lead to further attacks ...
How severe is CVE-2024-25047?
CVE-2024-25047 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-25047?
Check the references section above for vendor advisories and patch information. Affected products include: IBM Cognos Analytics, NetApp OnCommand Insight.