5.9
CVE-2024-25053
- EPSS 0.09%
- Published 28.06.2024 19:15:04
- Last modified 03.11.2025 22:16:47
- Source psirt@us.ibm.com
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is vulnerable to improper certificate validation when using the IBM Planning Analytics Data Source Connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between IBM Planning Analytics server and IBM Cognos Analytics server. IBM X-Force ID: 283364.
Data is provided by the National Vulnerability Database (NVD)
IBM ≫ Cognos Analytics Version 11.2.0
IBM ≫ Cognos Analytics Version 11.2.1
IBM ≫ Cognos Analytics Version 11.2.2
IBM ≫ Cognos Analytics Version 11.2.3
IBM ≫ Cognos Analytics Version 11.2.4 Update -
IBM ≫ Cognos Analytics Version 12.0.0
IBM ≫ Cognos Analytics Version 12.0.1
IBM ≫ Cognos Analytics Version 12.0.2
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.262 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.9 | 2.2 | 3.6 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
| psirt@us.ibm.com | 5.9 | 2.2 | 3.6 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.