8.6
CVE-2024-25047
- EPSS 0.64%
- Veröffentlicht 02.05.2024 21:16:11
- Zuletzt bearbeitet 02.07.2025 15:41:45
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
IBM Cognos Analytics log injection
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided data. This could lead to further attacks against the system. IBM X-Force ID: 282956.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Cognos Analytics Version >= 11.2.0 < 11.2.4
Ibm ≫ Cognos Analytics Version >= 12.0.0 < 12.0.3
Ibm ≫ Cognos Analytics Version11.2.4 Update-
Ibm ≫ Cognos Analytics Version11.2.4 Updatefixpack1
Ibm ≫ Cognos Analytics Version11.2.4 Updatefixpack2
Netapp ≫ Oncommand Insight Version-
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.64% | 0.46 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@us.ibm.com | 8.6 | 3.9 | 4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
|
CWE-117 Improper Output Neutralization for Logs
The product constructs a log message from external input, but it does not neutralize or incorrectly neutralizes special elements when the message is written to a log file.
https://security.netapp.com/advisory/ntap-20240621-0007/
https://exchange.xforce.ibmcloud.com/vulnerabilities/282956
https://www.ibm.com/support/pages/node/7149874