Injection in IBM Cognos Analytics App Logging 11.2.0-11.2.4/12.0.0-12.0.2
CVE-2024-25047 Published on May 2, 2024
IBM Cognos Analytics log injection
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided data. This could lead to further attacks against the system. IBM X-Force ID: 282956.
Vulnerability Analysis
CVE-2024-25047 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Weakness Type
Improper Output Neutralization for Logs
The software does not neutralize or incorrectly neutralizes output that is written to logs.
Products Associated with CVE-2024-25047
stack.watch emails you whenever new vulnerabilities are published in IBM Cognos Analytics or NetApp Oncommand Insight. Just hit a watch button to start following.
Affected Versions
IBM Cognos Analytics:- Version 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2 is affected.
- Version 11.2.0 <= 11.2.4, 12.0.0 <= 12.0.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.