CVE-2025-1494

Summary

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.

Affected Software

VendorProductVersion RangeStatus
IBMCognos Command Center10.2.4.1affected
IBMCognos Command Center10.2.5affected

Weaknesses

  • CWE-1021: CWE-1021 Improper Restriction of Rendered UI Layers or Frames

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References