CVE-2025-0923

Summary

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system.

Affected Software

VendorProductVersion RangeStatus
IBMCognos Analytics11.2.0affected
IBMCognos Analytics11.2.1affected
IBMCognos Analytics11.2.2affected
IBMCognos Analytics11.2.3affected
IBMCognos Analytics11.2.4affected
IBMCognos Analytics12.0.0affected
IBMCognos Analytics12.0.1affected
IBMCognos Analytics12.0.2affected
IBMCognos Analytics12.0.3affected
IBMCognos Analytics12.0.4affected

Weaknesses

  • CWE-540: CWE-540 Inclusion of Sensitive Information in Source Code

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References