

Bitter APT Group – Active IOCs
July 5, 2024
Multiple Adobe Experience Manager Vulnerabilities
July 5, 2024
Severity
Medium
Analysis Summary
CVE-2024-25041 CVSS:5.4
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 are potentially vulnerable to cross-site scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Assistant.
CVE-2024-25053 CVSS:5.9
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 are vulnerable to improper certificate validation when using the IBM Planning Analytics Data Source Connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between the IBM Planning Analytics server and the IBM Cognos Analytics server.
Impact
- Cross-Site Scripting
- Gain Access
Indicators of Compromise
CVE
- CVE-2024-25041
- CVE-2024-25053
Affected Vendors
- IBM
Affected Products
- IBM Cognos Analytics 11.2.1
- IBM Cognos Analytics 11.2.4
- IBM Cognos Analytics 12.0.0
- IBM Cognos Analytics 11.2.0
- IBM Cognos Analytics 11.2.3
- IBM Cognos Analytics 11.2.2
- IBM Cognos Analytics 12.0.1
- IBM Cognos Analytics 12.0.2
Remediation
Refer to the IBM Security Advisory for patch, upgrade, or suggested workaround information.