5.9
CVE-2024-25053
- EPSS 0.08%
- Veröffentlicht 28.06.2024 19:15:04
- Zuletzt bearbeitet 21.11.2024 09:00:10
- Quelle psirt@us.ibm.com
- Teams Watchlist Login
- Unerledigt Login
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is vulnerable to improper certificate validation when using the IBM Planning Analytics Data Source Connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between IBM Planning Analytics server and IBM Cognos Analytics server. IBM X-Force ID: 283364.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Cognos Analytics Version11.2.0
Ibm ≫ Cognos Analytics Version11.2.1
Ibm ≫ Cognos Analytics Version11.2.2
Ibm ≫ Cognos Analytics Version11.2.3
Ibm ≫ Cognos Analytics Version11.2.4 Update-
Ibm ≫ Cognos Analytics Version12.0.0
Ibm ≫ Cognos Analytics Version12.0.1
Ibm ≫ Cognos Analytics Version12.0.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.247 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| psirt@us.ibm.com | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.