CVE-2024-25042

Summary

IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3

is potentially vulnerable to Cross Site Scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Explorations.

Affected Software

VendorProductVersion RangeStatus
IBMCognos Analytics11.2.0 <= 11.2.4affected
IBMCognos Analytics12.0.0 <= 12.0.3affected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References